CVE-2007-0389 Information

Description

Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier and ArsDigita Community Education Solution (ACES) 1.1 allows remote attackers to read arbitrary files via .252e/ (double-encoded dot dot slash) sequences in the URI.

Reference

http://osvdb.org/33552 http://www.securityfocus.com/archive/1/457318/100/0/threaded http://www.securityfocus.com/bid/22121 http://www.vupen.com/english/advisories/2007/0286 https://exchange.xforce.ibmcloud.com/vulnerabilities/31613 acs-url-directory-traversal(31613)