Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as a duplicate.

TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the 'id' parameter with 'skipCheck=1' to bypass access controls.