vendor: Acuity CMS
by: SecurityFocus
CVSS: 7.5 (HIGH)
Directory Traversal and Arbitrary File Upload
CWE: 22 (Path Traversal) and 264 (Permissions, Privileges, and Access Controls)
Product Name: Acuity CMS
Affected Version From: 2.6.2
Affected Version To: 2.6.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Acuity CMS Directory Traversal and Arbitrary File Upload Vulnerabilities

Acuity CMS is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information, upload arbitrary code, and run it in the context of the web server process.

Mitigation:

Ensure that the application is not vulnerable to directory traversal attacks by validating user-supplied input and restricting access to sensitive files and directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/53616/info
 
Acuity CMS 2.6.2 is vulnerable; prior versions may also be affected. 


http://www.example.com/admin/file_manager/browse.asp?field=&form=&path=../../
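
The `path` parameter in the request above is the kind of user-supplied input the mitigation says to validate. The following is an added example, not Acuity CMS code and not part of the original advisory: a canonicalize-then-contain check in Python, where `BROWSE_ROOT` and the function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumption: the one virtual directory the file manager may browse.
BROWSE_ROOT = "/uploads"


def resolve_browse_path(user_path: str, root: str = BROWSE_ROOT) -> str:
    """Map a user-supplied `path` value to a normalized path under `root`.

    Raises ValueError when the value would resolve outside `root`.
    """
    # Decode a bounded number of times so layered encodings such as
    # %252e%252e%252f are judged in their final form, then refuse anything
    # that still changes when decoded again.
    decoded = user_path
    for _ in range(3):
        decoded = unquote(decoded)
    if unquote(decoded) != decoded:
        raise ValueError("too many encoding layers")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # On Windows hosts "\" separates directories too, so fold it into "/".
    unified = decoded.replace("\\", "/")
    if ":" in unified:
        raise ValueError("drive letter or stream specifier")
    # Join to the root, collapse "." and ".." segments, then test containment
    # on the collapsed result rather than on the raw input.
    candidate = posixpath.normpath(posixpath.join(root, unified.lstrip("/")))
    # Compare with a trailing separator so "/uploads_private" does not pass
    # as a child of "/uploads".
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError("path escapes browse root")
    return candidate


def is_allowed(user_path: str) -> bool:
    try:
        resolve_browse_path(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values for the `path` query parameter.
    for sample in ["", "images/2012", "../../", "..%2f..%2f", "..\\..\\"]:
        print(repr(sample), "->", "allow" if is_allowed(sample) else "reject")
```

Only the value returned by `resolve_browse_path` should reach file-system calls; the raw parameter should not be used again after the check.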