CVE-2007-0389

High

7.8/10

Summary

Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: COMPLETE
Availability Impact: NONE

References

Advisory Timeline

Published Jan 19, 2007

CVE-2007-0389

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS