CVE-2020-8639
TestLink 1.9.20 - Unrestricted File Upload (Authenticated)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
Una vulnerabilidad de carga de archivos no restringida en el archivo keywordsImport.php en TestLink versión 1.9.20, permite a atacantes remotos ejecutar código arbitrario al cargar un archivo con una extensión ejecutable. Esto permite a un atacante autenticado cargar un archivo malicioso (que contiene código PHP para ejecutar comandos del sistema operativo) en un directorio de la aplicación accesible públicamente.
TestLink version 1.9.20 suffers from a remote shell upload vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-05 CVE Reserved
- 2020-04-03 CVE Published
- 2021-02-14 First Exploit
- 2024-08-04 CVE Updated
- 2025-04-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/57d81ae350d569c5c95087997fe051c49e14516d | 2021-02-22 |
| URL | Date | SRC |
|---|