vendor: Acuity CMS
by: SecurityFocus
CVSS: 7.5 HIGH
Directory Traversal and Arbitrary File Upload
CWE: 22 (Path Traversal) and 264 (Permissions, Privileges, and Access Controls)
Product Name: Acuity CMS
Affected Version From: 2.6.2
Affected Version To: 2.6.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
Acuity CMS Directory Traversal and Arbitrary File Upload Vulnerabilities
Acuity CMS is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive information, upload arbitrary code, and run that code in the context of the webserver process.
Mitigation:
Ensure that the application is not vulnerable to directory traversal attacks by validating user-supplied input and restricting access to sensitive files and directories.