An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-03T18:36:44
Updated: 2024-08-04T10:03:46.367Z
Reserved: 2020-02-05T00:00:00
Link: CVE-2020-8639
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-04-03T19:15:13.593
Modified: 2021-02-22T19:16:40.023
Link: CVE-2020-8639
Redhat
No data.