Acuity CMS 2.6.2 - '/admin/file_manager/browse.asp?path' Traversal Arbitrary File Access

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1063708 漏洞类型
发布时间 2012-05-21 更新时间 2012-05-21
CVE编号 N/A CNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/37223
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/53616/info
 
Acuity CMS is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability.
 
An attacker can exploit these issues to obtain sensitive information, to upload arbitrary code, and run it in the context of the webserver process.
 
Acuity CMS 2.6.2 is vulnerable; prior versions may also be affected. 


http://www.example.com/admin/file_manager/browse.asp?field=&form=&path=../../