2018-03-05 07:00:00
mitre
PUBLISHED
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.