CVE-2017-6527

HIGH

Dnatools Dnalims - Path Traversal

Description

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).

Exploits (2)

exploitdb WRITEUP
by Shorebreak Security · text, webapps, cgi
https://www.exploit-db.com/exploits/41578
metasploit WORKING POC
by h00die, flakey_biscuit · ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/dnalims_file_retrieve.rb

Scores

CVSS v3 7.5
EPSS 0.7591
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
dnatools/dnalims 4-2015s13
Published Mar 09, 2017
Tracked Since Feb 18, 2026