Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application

Posted by Nicholas von Pechmann on Mar 10

Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing
web-application
Advisory URL:
https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/
Date published: Mar 08, 2017
Vendor: dnaTools, Inc.
CVE IDs: [2017-6526, 2017-6527, 2017-6528, 2017-6529]
USCERT VU: 929263

Vulnerability Summaries
1) Improperly protected web shell [CVE-2017-6526]
dnaLIMS requires authentication to view cgi-bin/dna/sysAdmin.cgi,…

007 Software