CVE-2010-2006

Name: CVE-2010-2006
Description: Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2146-1
NVD severity: medium (attack range: remote)
Debian Bugs: 582587
Debian/oldoldstable: not known to be vulnerable.
Debian/oldstable: not known to be vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mydms | source | (unstable) | 1.7.2+1.7.3-1.1 | medium | | 582587 |
| mydms | source | lenny | 1.7.0-1+lenny1 | medium | DSA-2146-1 | |

Notes

seems to have changed name to letoDMS
