CVE-2024-46097

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-284
View all →

Vulnerability Description

TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions maing it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges.

Related Vulnerabilities

CVE-2014-3120

HIGH
CVSS:8.1(High)

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. ...

CWE-2842014

CVE-2015-7887

HIGH
CVSS:8.1(High)

NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.

CWE-2842015

CVE-2016-0304

HIGH
CVSS:8.1(High)

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass a...

CWE-2842016

CVE-2016-10030

HIGH
CVSS:8.1(High)

The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on...

CWE-2842016

CVE-2016-10417

HIGH
CVSS:8.1(High)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, M...

CWE-2842016

CVE-2016-10830

HIGH
CVSS:8.1(High)

cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

CWE-2842016