TestLink Unauthenticated Arbitrary File Download Vulnerability

Vulnerability

A vulnerability allowing unauthenticated users to download arbitrary files has been identified in TestLink versions 1.16 through 1.19. This issue resides in the 'attachmentdownload.php' endpoint, where access controls can be bypassed by using the 'skipCheck=1' parameter. Attackers can exploit this vulnerability by iterating file IDs through the 'id' parameter to access restricted files.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive files on the server.

Reproduction

To reproduce this vulnerability, send a request to 'attachmentdownload.php' in the 'lib/attachments' directory, including the 'id' parameter with a file ID and 'skipCheck' set to 1. Because 'skipCheck=1' causes the session check to be skipped, the file is returned without authentication.
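From the defender's side, the request pattern above is easy to spot in web-server access logs: a hit on 'lib/attachments/attachmentdownload.php' carrying 'skipCheck=1', and a single source walking through many 'id' values. The following detector is an added example written for this advisory; it is not TestLink code and not part of the original report. It assumes Apache/nginx "combined" log format, and the log lines it runs over are constructed samples, not real traffic.

```python
"""Detect attempts against the TestLink attachmentdownload.php skipCheck
bypass in web-server access logs.  Added example for this advisory; not
TestLink's own code.  The sample log lines below are constructed."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample traffic: one client iterating ids with skipCheck=1,
# one ordinary authenticated user downloading a single attachment.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Jan/2026:16:40:01 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=1&skipCheck=1 HTTP/1.1" 200 5120 "-" "curl/8.4.0"
203.0.113.10 - - [15/Jan/2026:16:40:02 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=2&skipCheck=1 HTTP/1.1" 200 880 "-" "curl/8.4.0"
203.0.113.10 - - [15/Jan/2026:16:40:02 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=3&skipCheck=1 HTTP/1.1" 404 210 "-" "curl/8.4.0"
198.51.100.7 - - [15/Jan/2026:16:41:10 +0000] "GET /testlink/lib/attachments/attachmentdownload.php?id=42 HTTP/1.1" 200 9001 "https://testlink.example/" "Mozilla/5.0"
198.51.100.7 - - [15/Jan/2026:16:41:12 +0000] "GET /testlink/login.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Assumed "combined" log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_ENDPOINT = "lib/attachments/attachmentdownload.php"


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_bypass_request(target):
    """True if the request targets attachmentdownload.php with skipCheck=1,
    the access-control bypass described in the advisory."""
    parts = urlsplit(target)
    if not parts.path.endswith(VULN_ENDPOINT):
        return False
    query = parse_qs(parts.query)
    return "1" in query.get("skipCheck", [])


def analyze(log_text, enum_threshold=3):
    """Flag every skipCheck bypass request and report source IPs that used it
    for enum_threshold or more distinct ids (the id-iteration pattern)."""
    bypass = []
    ids_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_bypass_request(rec["target"]):
            continue
        query = parse_qs(urlsplit(rec["target"]).query)
        attachment_id = query.get("id", ["?"])[0]
        bypass.append({"ip": rec["ip"], "ts": rec["ts"],
                       "id": attachment_id, "status": rec["status"]})
        ids_by_ip[rec["ip"]].add(attachment_id)
    enumerating = {ip: sorted(ids, key=lambda s: (len(s), s))
                   for ip, ids in ids_by_ip.items() if len(ids) >= enum_threshold}
    return {"bypass_requests": bypass, "enumerating_ips": enumerating}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for r in report["bypass_requests"]:
        print(f"bypass attempt from {r['ip']} at {r['ts']}: "
              f"id={r['id']} status={r['status']}")
    for ip, ids in report["enumerating_ips"].items():
        print(f"id enumeration from {ip}: ids {', '.join(ids)}")
```

Every flagged request is worth reviewing, since a legitimate client has no reason to send 'skipCheck'; a 200 status on such a request means a file actually left the server. The enumeration threshold only separates a single probe from a sweep. Until the application is updated, the same match on 'skipCheck' can be applied as a deny rule at the web server or WAF in front of the endpoint.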

Added: Jan 15, 2026, 4:44 PM
Updated: Jan 15, 2026, 4:44 PM

Vulnerability Rating (Custom Algorithm)

spread          5.0
impact          2.5
exploitability  8.0
remediation     0.0
relevance       2.0
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.