Vulnerability Database

318,251

Total vulnerabilities in the database

CVE-2021-47760

TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the 'id' parameter with 'skipCheck=1' to bypass access controls.

Published: Jan 15, 2026
Updated: Jan 16, 2026
CVE: CVE-2021-47760
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

No affected software listed.

https://testlink.org/
https://web.archive.org/web/20211208031345/https://nch.ninja/blog/unauthorized-file-download-attached-files-testlink-116-119/
https://www.exploit-db.com/exploits/50578

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo