Dnatools: >> Dnalims Security Vulnerabilities
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
CVSS Score
9.8
EPSS Score
0.837
Published
2017-03-09
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
CVSS Score
7.5
EPSS Score
0.759
Published
2017-03-09
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
CVSS Score
8.1
EPSS Score
0.072
Published
2017-03-09
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
CVSS Score
8.8
EPSS Score
0.045
Published
2017-03-09