CVE-2018-7668
NONE EPSS 71.7%
Published Mar 5, 20188y ago · Modified Jun 17, 20262w ago
Published Mar 5, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.
Threat Intelligence
EPSS Exploit Probability
71.7% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| testlink | testlink | * | ≤1.9.16 |
References 1
- lists.openwall.net http://lists.openwall.net/full-disclosure/2018/02/28/1
Remediation
- lists.openwall.net http://lists.openwall.net/full-disclosure/2018/02/28/1