Required CVE Record Information
Description
Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
References 8 Total
- secunia.com: 38237 third-party-advisory
- https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt
- exchange.xforce.ibmcloud.com: letodms-oplogin-file-include(55709) vdb-entry
- secunia.com: 42900 third-party-advisory
- securityfocus.com: 37828 vdb-entry
- securityfocus.com: 20100115 SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS) mailing-list
- osvdb.org: 61834 vdb-entry
- debian.org: DSA-2146 vendor-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- secunia.com: 38237 third-party-advisory x_transferred
- https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt x_transferred
- exchange.xforce.ibmcloud.com: letodms-oplogin-file-include(55709) vdb-entry x_transferred
- secunia.com: 42900 third-party-advisory x_transferred
- securityfocus.com: 37828 vdb-entry x_transferred
- securityfocus.com: 20100115 SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS) mailing-list x_transferred
- osvdb.org: 61834 vdb-entry x_transferred
- debian.org: DSA-2146 vendor-advisory x_transferred