CVE-2007-0389

Name of the Vulnerable Software and Affected Versions: ArsDigita Community System (ACS) versions 3.4.10 and earlier ArsDigita Community Education Solution (ACES) version 1.1

Description: The issue allows remote attackers to read arbitrary files via double-encoded dot dot slash sequences in the URI, such as .%252e/. This is a directory traversal vulnerability.

Recommendations: For ArsDigita Community System (ACS) versions 3.4.10 and earlier, update to a version later than 3.4.10. For ArsDigita Community Education Solution (ACES) version 1.1, consider restricting access to sensitive files until a patch is available. As a temporary workaround, consider validating and sanitizing URI inputs to prevent directory traversal attacks.