Testlink · Testlink · CVE-2021-47760
**Name of the Vulnerable Software and Affected Versions**
TestLink versions 1.16 through 1.19
**Description**
The software contains an unauthenticated file download issue. An attacker can download arbitrary files by manipulating the `id` parameter in the ''attachmentdownload.php'' endpoint, utilizing 'skipCheck=1' to circumvent access controls.
**Recommendations**
Update TestLink to a version later than 1.19.