Shorebreak Security reported issues with dnaLIMS:
An unauthenticated attacker has the ability to execute system commands in the context of the web server process, hijack active user sessions, retrieve system files (including the plaintext password file), and inject untrusted html or JavaScript into the dnaLIMS application. An attacker could use these vulnerabilities together in order to gain control of the application as well as the operating system hosting the dnaLIMS software.
dnaLIMS was informed but apparently did not fixed the issues.
https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/