CVE-2017-6527

Name of the Vulnerable Software and Affected Versions dnaLIMS version 4-2015s13

Description An issue was discovered in dnaLIMS, allowing an unauthenticated attacker to access system files readable by the web server user through a NUL-terminated directory traversal attack. This is achieved by exploiting the seqID parameter in the "viewAppletFsa.cgi" endpoint.

Recommendations For dnaLIMS version 4-2015s13, consider restricting access to the "viewAppletFsa.cgi" endpoint to prevent exploitation. Additionally, avoid using the seqID parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.