Published: 15 Jan 2026
Source: github
Github: Not reviewed
CVSS4: 6.9
CVSS3: 9.8
Description
TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the 'id' parameter with 'skipCheck=1' to bypass access controls.
Related vulnerabilities
nvd
23 days ago
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate.