A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
{
"source": [
"CPE_STRING",
"REFERENCES"
],
"cpe": "cpe:2.3:a:testlink:testlink:1.9.20:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.9.20"
},
{
"last_affected": "1.9.20"
}
]
}