Unrated severity · NVD Advisory · Published Apr 3, 2020 · Updated Aug 4, 2024
CVE-2020-8639
Description
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
Affected products
- TestLink/TestLink
References
- packetstormsecurity.com/files/161401/TestLink-1.9.20-Shell-Upload.html (MITRE, x_refsource_MISC)
- ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/ (MITRE, x_refsource_MISC)
- github.com/TestLinkOpenSourceTRMS/testlink-code/commit/57d81ae350d569c5c95087997fe051c49e14516d (MITRE, x_refsource_CONFIRM)