TestLink 1.9.20 Unrestricted Upload of File with Dangerous Type Vulnerability


An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. 




The information has been provided by Miguel Delgado

The original article can be found at: https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection


This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
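One way to close both gaps described above (no restriction on the file extension, and storage in a web-reachable directory), shown as an added example that is not TestLink's code or its actual fix. The function name, storage path, size limit, form field name and the XML/CSV allowlist are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened handler for an import upload.
// All names, paths and limits below are assumptions, not TestLink code.

const ALLOWED_EXTENSIONS = ['xml', 'csv'];   // assumed import formats
const IMPORT_DIR = '/var/lib/app-imports';   // assumed directory outside the web root
const MAX_BYTES  = 1048576;                  // assumed 1 MiB limit

function storeImportUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Reject paths that did not come from PHP's own upload handling.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Unexpected file size');
    }

    // Allowlist on the final extension; anything else (php, phtml, ...) is refused.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new RuntimeException('File type not allowed');
    }

    // Server-generated name: the client-supplied name never reaches the disk,
    // so double extensions and path components in it are irrelevant.
    $target = IMPORT_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store upload');
    }
    chmod($target, 0640);   // readable for parsing, never executable
    return $target;
}

// Call site; the form field name 'uploadedFile' is an assumption.
if (isset($_FILES['uploadedFile'])) {
    try {
        $path = storeImportUpload($_FILES['uploadedFile']);
        // Parse $path here, then unlink($path) once the import is done.
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Import rejected';
    }
}
```

Because the file is stored outside the document root, it cannot be requested and executed through the web server even if a check is later bypassed.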


Vulnerable Systems:

TestLink 1.9.20


CVE Information:


Disclosure Timeline:
Published Date: 4/3/2020
