ID:3766 - Exploit for Path traversal in dnaLIMS - CVE-2017-6527

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3766 - Exploit for Path traversal in dnaLIMS - CVE-2017-6527

ID:3766 - Exploit for Path traversal in dnaLIMS - CVE-2017-6527

Published: August 9, 2020


Vulnerability identifier: #VU39478
Vulnerability risk: Medium
CVE-ID: CVE-2017-6527
CWE-ID: CWE-22
Exploitation vector: Remote access
Vulnerable software:
dnaLIMS

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).


Remediation

Install update from vendor's website.