CVE-2007-0389

Arsdigita Community Education Solution < 3.4.10 - Path Traversal

Title source: rule
STIX 2.1

Description

Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Elliot Kendall · textremotelinux
https://www.exploit-db.com/exploits/29496

References (5)

Core 5
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0286
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31613
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33552
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22121
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457318/100/0/threaded

Scores

EPSS 0.0594
EPSS Percentile 90.7%

Details

Status published
Products (2)
arsdigita/arsdigita_community_education_solution 1.1
arsdigita/arsdigita_community_system < 3.4.10
Published Jan 19, 2007
Tracked Since Feb 18, 2026