Vulnerability Details CVE-2017-6527
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.759
EPSS Ranking 98.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/96823
- https://www.exploit-db.com/exploits/41578/
- https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/
- http://www.securityfocus.com/bid/96823
- https://www.exploit-db.com/exploits/41578/
- https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/