2 matches found
CVE-2018-7668
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php...
CVE-2018-7668
CVE-2018-7668 affects TestLink up to version 1.9.16. The issue allows remote attackers to read arbitrary attachments by sending a modified ID to the download endpoint at /lib/attachments/attachmentdownload.php. The root cause is an insecure reference to attachment IDs in the download handler, ena...