2026-01-15 15:52:06
VulnCheck
PUBLISHED
TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the id parameter with skipCheck=1 to bypass access controls.