An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application.
{
"source": [
"CPE_STRING",
"REFERENCES"
],
"cpe": "cpe:2.3:a:testlink:testlink:1.9.20:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.9.20"
},
{
"last_affected": "1.9.20"
}
]
}