TestLink 1.9.20 Unrestricted Upload of File with Dangerous Type Vulnerability
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
The information has been provided by Miguel Delgado.
The original article can be found at: https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection
This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
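
A defender-side check for the condition described above, as an added example that is not part of the original advisory or of TestLink's code: it audits a web-reachable upload directory for files that carry an interpreter-handled extension or embedded PHP. The extension list, marker strings, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list of extensions a PHP-enabled web server may execute; match it to your handler config.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
PHP_MARKERS = (b"<?php", b"<?=")  # bare "<?" is skipped because it would match "<?xml"

def classify(path):
    """Return the reasons a file in an upload directory looks executable (empty list if none)."""
    reasons = []
    # Inspect every dotted suffix: "x.phtml.txt" can still reach the interpreter under some handler configs.
    suffixes = os.path.basename(path).lower().split(".")[1:]
    if any(s in EXECUTABLE_EXTS for s in suffixes):
        reasons.append("executable-extension")
    with open(path, "rb") as fh:
        head = fh.read(65536)  # the first 64 KiB is enough for a triage pass
    if any(marker in head for marker in PHP_MARKERS):
        reasons.append("php-code")
    return reasons

def audit_upload_dir(root):
    """Walk a web-reachable upload directory and map relative path -> reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Run the audit over constructed sample files (not taken from any real TestLink install)."""
    samples = {
        "keywords.csv": b"keyword;notes\nlogin;auth tests\n",
        "keywords.xml": b"<?xml version='1.0'?><keywords/>",
        "report.php": b"<?php echo 'constructed sample'; ?>",
        "notes.phtml.txt": b"plain text",
        "data.csv.bak": b"<?= 'constructed sample' ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_upload_dir(root)

if __name__ == "__main__":
    for rel, why in sorted(demo().items()):
        print(f"{rel}: {', '.join(why)}")
```

Any hit in a directory the web server serves directly is worth triage; storing uploads outside the document root removes the execution path regardless of file name.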