Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-2006

Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

Related bugs and status

CVE-2010-2006 (Candidate) is related to these bugs:

Bug #612061: Sync mydms 1.7.2+1.7.3-1.1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	612061	Sync mydms 1.7.2+1.7.3-1.1 (universe) from Debian unstable (main)		mydms (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://www.sec-consul...
OSVDB: 61834
SECUNIA: 38237
DEBIAN: DSA-2146
BID: 37828
SECUNIA: 42900
XF: letodms-oplogin-file-i...
BUGTRAQ: 20100115 SEC Consult S...