CVE-2018-7719

HIGH NUCLEI

Acrolinx Server <5.2.5 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7719. PoCs published by Berk Dusunur. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Acrolinx Dashboard versions before 5.2.5. It allows an attacker to access arbitrary files on the server by manipulating the URL path.

Description

Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.

Exploits (1)

exploitdb WORKING POC

by Berk Dusunur · textremotewindows

https://www.exploit-db.com/exploits/44345

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Acrolinx Dashboard versions before 5.2.5. It allows an attacker to access arbitrary files on the server by manipulating the URL path.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Acrolinx Dashboard < 5.2.5

No auth needed

Prerequisites: Network access to the Acrolinx Dashboard server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Acrolinx Server <5.2.5 - Local File Inclusion

HIGHby 0x_akoko

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44345/

Vendor Advisory x_refsource_confirm

https://support.acrolinx.com/hc/en-us/articles/213987685-Acrolinx-Server-Version-5-1-including-subsequent-service-releases-

Scores

CVSS v3 7.5

EPSS 0.4631

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

acrolinx/acrolinx_server < 5.2.5

Published Mar 25, 2018

Tracked Since Feb 18, 2026