We trust in security


Category: AppSec

Miguel Delgado
Testlink 1.9.20: Unrestricted file upload and SQL injection

Testlink is an open source, web-based test management and test execution system written in PHP (a scripting language also known as Hypertext Preprocessor). During a recent security audit, our AppSec team found an unrestricted file upload (CVE-2020-8639) and two SQL injection vulnerabilities (CVE-2020-8637, CVE-2020-8638). Below we provide an in-depth overview of the three identified flaws and the ways they can be exploited.

Unrestricted file upload: Technical Analysis

Testlink offers the possibility to categorize test cases using keywords.