TestLink 1.9.20 Unrestricted Upload of File with Dangerous Type Vulnerability

Summary

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

Credit:

The information has been provided by Miguel Delgado.

The original article can be found at: https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection


Details

The vulnerability allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.

Vulnerable Systems:

TestLink 1.9.20

CVE Information:

CVE-2020-8639

Disclosure Timeline:

Published Date: 4/3/2020
