PT-2016-3222 · Dnalims · Dnalims

Credits: H00Die (+2)

Published: 2016-11-06 · Updated: 2019-10-03

CVE-2017-6526

CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: dnaLIMS version 4-2015s13

Description: The issue concerns an improperly protected administrative web shell, allowing unauthenticated command execution. It can be exploited through cgi-bin/dna/sysAdmin.cgi using specially crafted POST requests, enabling a remote attacker to execute arbitrary commands. The vulnerability stems from the lack of input sanitization in the administrative web shell of the dnaLIMS software.

Recommendations: For dnaLIMS version 4-2015s13, consider disabling access to the cgi-bin/dna/sysAdmin.cgi endpoint until a patch is available to prevent exploitation. Restricting access to this administrative web shell can help minimize the risk of command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
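The following is an added example, not part of this advisory or of the dnaLIMS software, showing one way to apply the recommended restriction. It assumes dnaLIMS is served by Apache httpd 2.4 and that the CGI directory is mapped at /cgi-bin/ (both assumptions; adjust the path to match the actual ScriptAlias):

```apache
# Added example (not from the advisory): deny every request to the
# unauthenticated administrative web shell until a vendor fix is available.
# Assumes Apache httpd 2.4 and that dnaLIMS CGI scripts live under /cgi-bin/.
<Location "/cgi-bin/dna/sysAdmin.cgi">
    Require all denied
</Location>
```

Because the rule is evaluated before the CGI runs, blocked requests never reach sysAdmin.cgi and are logged as 403 responses in the Apache access log; a spike of 403s for this path is a useful signal that someone is probing the endpoint.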

Tags: Exploit · Command Injection · Improper Authentication


Weakness Enumeration

Related Identifiers

BDU:2017-02590
CVE-2017-6526

Affected Products

Dnalims