CVE-2010-2006

NameCVE-2010-2006
DescriptionDirectory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2146-1
Debian Bugs582587

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mydmssourcelenny1.7.0-1+lenny1DSA-2146-1
mydmssource(unstable)1.7.2+1.7.3-1.1medium582587

Notes

seems to have changed name to letoDMS
Search for package or bug name: Reporting problems