vendor: TestLink
by: Gonzalo Villegas (Cl34r)
N/A
CVSS
N/A
Arbitrary File Download
CWE
Product Name: TestLink
Affected Version From: 1.16
Affected Version To: 1.19
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2021
TestLink 1.19 – Arbitrary File Download (Unauthenticated)
You can download files from "/lib/attachments/attachmentdownload.php" by passing the id of a file listed in the database directly in the URL. Otherwise, you can iterate the id parameter (starting from 1).
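A detection sketch for the behaviour described above, added here as an example and not part of the original advisory: it scans web access logs for clients that request runs of consecutive attachment ids from this endpoint. The combined log format, the "/testlink" path prefix, the sample lines and the `min_run` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory; any install prefix before it is accepted.
ENDPOINT = "/lib/attachments/attachmentdownload.php"
# Assumed Apache/nginx common or combined log format: client IP, then request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3}')

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2021:10:00:01 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=1 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2021:10:00:02 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=2 HTTP/1.1" 200 912
203.0.113.7 - - [10/Mar/2021:10:00:02 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=3 HTTP/1.1" 404 0
203.0.113.7 - - [10/Mar/2021:10:00:03 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=4 HTTP/1.1" 200 20480
203.0.113.7 - - [10/Mar/2021:10:00:03 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=5 HTTP/1.1" 200 733
198.51.100.20 - - [10/Mar/2021:10:05:10 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=42 HTTP/1.1" 200 1024
198.51.100.20 - - [10/Mar/2021:10:05:30 +0000] "GET /testlink/index.php HTTP/1.1" 200 3301
"""

def longest_run(ids):
    """Length of the longest run of consecutive integers in ids."""
    present = set(ids)
    best = 0
    for start in present:
        if start - 1 not in present:  # only count from the start of a run
            length = 1
            while start + length in present:
                length += 1
            best = max(best, length)
    return best

def find_enumeration(log_text, min_run=4):
    """Return {client_ip: sorted ids} for clients that requested >= min_run consecutive ids."""
    per_client = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url is None or not url.path.endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query).get("id", []):
            if value.isdigit():
                per_client[m.group(1)].add(int(value))
    return {ip: sorted(ids) for ip, ids in per_client.items() if longest_run(ids) >= min_run}

if __name__ == "__main__":
    for ip, ids in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: consecutive attachment ids requested: {ids}")
```

Failed requests (such as the 404 for id 3) are counted on purpose, since a client walking the id space will hit gaps left by deleted attachments.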