It is reported that DMS is susceptible to a directory traversal vulnerability and an administrative access authentication bypass vulnerability. The directory traversal issue is due to insufficient sanitization of user-supplied data. An attacker may exploit this vulnerability to disclose files readable by the web server that exist outside of the web root on the vulnerable server. The administrative access authentication bypass vulnerability is present when an attacker directly accesses the URI of the administrative script. These vulnerabilities allow a remote attacker to administer the application or retrieve potentially sensitive files, possibly aiding in further system compromise. Version 1.0.2 of the software is reported vulnerable to these issues. Other versions may also be affected.
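A server-side guard against the two flaw classes reported above, as an added example that is not DMS's own code. The document root, the `/admin/` prefix and the `is_admin` session key are assumptions, since the advisory names no paths, parameters or script names.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

DOC_ROOT = "/srv/dms/files"   # assumed document store (not named in the advisory)
ADMIN_PREFIX = "/admin/"      # assumed location of the administrative script


def _decode(value: str) -> str:
    """Percent-decode until stable so double-encoded separators are seen."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def resolve_document(user_path: str, root: str = DOC_ROOT) -> Optional[str]:
    """Return the normalized path to serve, or None if it leaves the root."""
    decoded = _decode(user_path)
    if "\x00" in decoded:
        return None
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare after normalization; filtering "../" in the raw string is not enough.
    # A deployment with symlinks under the root should also compare realpaths.
    if not full.startswith(root.rstrip("/") + "/"):
        return None
    return full


def authorize(request_path: str, session: dict) -> int:
    """Return the HTTP status for a request; runs on every request."""
    path = posixpath.normpath("/" + _decode(request_path).lstrip("/"))
    if (path + "/").startswith(ADMIN_PREFIX) and not session.get("is_admin"):
        return 403  # reaching the admin URI directly does not skip the check
    return 200
```

Both checks run on the normalized form of the request, so the containment test and the authorization test see the same path the application will act on.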