CVE-2021-47760

Name of the Vulnerable Software and Affected Versions TestLink versions 1.16 through 1.19

Description The software contains an unauthenticated file download issue. An attacker can download arbitrary files by manipulating the id parameter in the ''attachmentdownload.php'' endpoint, utilizing 'skipCheck=1' to circumvent access controls.

Recommendations Update TestLink to a version later than 1.19.