Acuity CMS contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to the /admin/file_manager/browse.asp script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'path' parameter parameter. This directory traversal attack would allow the attacker to gain access to arbitrary files.

The vendor has discontinued this product and therefore has no patch or upgrade that mitigates this problem. It is recommended that an alternate software package be used in its place.

• Bugtraq ID: 53616
• Related OSVDB ID: 82430
• Packet Storm: http://packetstormsecurity.org/files/112933/Acuity-CMS-2.6.x-Directory-Traversal.html
• Mail List Post: http://seclists.org/bugtraq/2012/May/112
• Vendor URL: http://www.thecollective.com.au/
• Other Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bacuity_cms2.6%20x_%28asp%29%5D_path_traversal

• Aung Khant - YGN Ethical Hacker Group

NVD does not currently have a CVSSv2 score assigned.