QwikSec

Security Database

CVE

CWE

Training

CVE-2020-8639

Published: Apr 3, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/

x_refsource_MISC

https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/57d81ae350d569c5c95087997fe051c49e14516d

x_refsource_CONFIRM

http://packetstormsecurity.com/files/161401/TestLink-1.9.20-Shell-Upload.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.