Vendor: LetoDMS (formerly known as MyDMS)
CVSS: 7.5 (HIGH)
Vulnerability Type: Local File Include
CWE: 98
Product Name: LetoDMS (formerly known as MyDMS)
Affected Version From: 1.7.2
Affected Version To: 1.7.2
Patch Exists: NO
Related CWE:
CPE: a:letodms_project:letodms:1.7.2
Metasploit:
Other Scripts:
Platforms Tested:

LetoDMS Local File Include Vulnerability

LetoDMS (formerly known as MyDMS) is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input and validate file paths before including them in the code. Additionally, it is advised to keep the software up to date with the latest patches and versions.
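
One way to apply this mitigation to the `lang` parameter seen in the request at the end of this page, as an added example that is not LetoDMS code. The function name, the `<dir>/<name>/lang.inc` layout and the demo directory are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not LetoDMS code): map a user-supplied language name
// to a file inside one fixed directory, falling back to a default language.
function resolve_language_file(string $requested, string $langDir, string $default = 'English'): string
{
    $base = realpath($langDir);
    if ($base === false) {
        throw new RuntimeException('language directory not found');
    }
    $sep = DIRECTORY_SEPARATOR;

    // 1. Syntax: a language name is a short token. This rejects "../", "/",
    //    "\" and NUL bytes (the "%00" in the request) before any file access.
    if (preg_match('/\A[A-Za-z][A-Za-z0-9_-]{0,31}\z/', $requested) !== 1) {
        $requested = $default;
    }

    // 2. Existence: realpath() returns false unless <base>/<name>/lang.inc exists
    //    (assumed layout), so unknown names fall through to the default.
    $path = realpath($base . $sep . $requested . $sep . 'lang.inc');

    // 3. Containment: the resolved path must stay under $base, which also
    //    catches a symlinked language directory pointing elsewhere.
    if ($path === false || strncmp($path, $base . $sep, strlen($base) + 1) !== 0) {
        $path = realpath($base . $sep . $default . $sep . 'lang.inc');
        if ($path === false) {
            throw new RuntimeException('default language file not found');
        }
    }
    return $path;
}

// Constructed demo: a temporary directory holding two languages.
$dir = sys_get_temp_dir() . '/lang_demo_' . bin2hex(random_bytes(4));
foreach (['English', 'German'] as $name) {
    mkdir("$dir/$name", 0700, true);
    file_put_contents("$dir/$name/lang.inc", "<?php // $name strings\n");
}
// A valid name, the value from the request on this page, and an unknown name.
foreach (['German', "../../../../boot.ini\0", 'Klingon'] as $input) {
    printf("%-32s -> %s\n", json_encode($input), resolve_language_file($input, $dir));
}
```

The caller passes only the returned path to `include`, so the raw request value never reaches a filesystem call.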

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/37828/info

LetoDMS (formerly known as MyDMS) is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue may allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

LetoDMS 1.7.2 is vulnerable; other versions may also be affected.


GET /mydms/op/op.Login.php?login=guest&sesstheme=&lang=../../../../boot.ini%00&sesstheme= HTTP/1.1