PT-2007-1860 · Arsdigita · Arsdigita Community System+1

Published

2007-01-19

Updated

2018-10-16

CVE-2007-0389

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ArsDigita Community System (ACS) versions 3.4.10 and earlier ArsDigita Community Education Solution (ACES) version 1.1

Description: The issue allows remote attackers to read arbitrary files via double-encoded dot dot slash sequences in the URI, such as .%252e/. This is a directory traversal vulnerability.

Recommendations: For ArsDigita Community System (ACS) versions 3.4.10 and earlier, update to a version later than 3.4.10. For ArsDigita Community Education Solution (ACES) version 1.1, consider restricting access to sensitive files until a patch is available. As a temporary workaround, consider validating and sanitizing URI inputs to prevent directory traversal attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0389

Affected Products

Arsdigita Community Education Solution

Arsdigita Community System

PT-2007-1860 · Arsdigita · Arsdigita Community System+1

CVE-2007-0389

Related Identifiers

Affected Products

References · 7