CVE-2021-47760

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TestLink versions 1.16 through 1.19

Description The software contains an unauthenticated file download issue. An attacker can download arbitrary files by manipulating the id parameter in the ''attachmentdownload.php'' endpoint, utilizing 'skipCheck=1' to circumvent access controls.

Recommendations Update TestLink to a version later than 1.19.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2021-47760

Affected Products

Testlink

CVE-2021-47760

Weakness Enumeration

Related Identifiers

Affected Products

References · 7