NUL-Terminated Directory Traversal Vulnerability in dnaLIMS 4-2015s13

NUL-Terminated Directory Traversal Vulnerability in dnaLIMS 4-2015s13

CVE-2017-6527 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).

Learn more about our Web App Pen Testing.