CVE-2020-8639

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:testlink:testlink:1.9.20:*:*:*:*:*:*:*

Information

Published : 2020-04-03 12:15

Updated : 2021-02-22 11:16


NVD link : CVE-2020-8639

Mitre link : CVE-2020-8639


JSON object : View

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type

Advertisement

dedicated server usa

Products Affected

testlink

  • testlink