TestLink versions 1.9.12 and below suffer from a PHP object injection vulnerability in execSetResults.php.