Lucene search
AttackerKBAKB:2705BCEA-341D-44B4-B544-633B48452FEEHistoryMar 09, 2017 - 12:00 a.m.
CVE-2017-6526
2017-03-0900:00:00
attackerkb.com
8
0.864 High
EPSS
Percentile
98.6%
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
Recent assessments:
h00die at March 27, 2020 4:16pm UTC reported:
The Admin console includes a command to run shell commands. The GETrequest to cgi-bin/dna/sysAdmin.cgi requires administrative privileges on the account, however the POST command to run a command does not require authentication. Thus allowing an arbitrary command execution. Scripts were all written in perl, so a perl based payload is most safe.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
Related
packetstorm
packetstorm
dnaLIMS Admin Module Command Execution
2017-03-20 00:00:00
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking
2017-03-10 00:00:00
zdt
zdt
dnaLIMS Admin Module Command Execution Exploit
2017-04-02 00:00:00
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking Vulnerabilities
2017-03-10 00:00:00
checkpoint_advisories
checkpoint_advisories
dnaTools dnaLIMS DNA Sequencer Command Injection (CVE-2017-6526)
2019-07-07 00:00:00
nvd
nvd
CVE-2017-6526
2017-03-09 19:59:00
cvelist
cvelist
CVE-2017-6526
2017-03-09 19:00:00
cve
cve
CVE-2017-6526
2017-03-09 19:59:00
prion
prion
Command injection
2017-03-09 19:59:00
openvas
openvas
dnaLIMS Multiple Security Vulnerabilities
2017-03-13 00:00:00
seebug
seebug
dnaLIMS Code Execution / XSS / Traversal / Session Hijacking (CVE-2017-6526)
2017-04-10 00:00:00
exploitpack
exploitpack
exploitdb
exploitdb