Описание
Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.
Ссылки
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 3.4.10 (включая)
Одно из
cpe:2.3:a:arsdigita:arsdigita_community_education_solution:1.1:*:*:*:*:*:*:*
cpe:2.3:a:arsdigita:arsdigita_community_system:*:*:*:*:*:*:*:*
EPSS
Процентиль: 88%
0.03961
Низкий
7.8 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.
EPSS
Процентиль: 88%
0.03961
Низкий
7.8 High
CVSS2
Дефекты
NVD-CWE-Other