Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Path Traversal.
Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class.
The issue is in the script /admin/file_manager/browse.asp, which does not properly sanitize user input: directory traversal sequences (e.g., ../../) supplied via the 'path' parameter are not properly sanitized. This would allow an attacker to access arbitrary files outside of the web root directory.
Tested with version 2.6.2.
Acuity CMS is no longer in active development. It is recommended to use another CMS that is in active development and support.
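For sites still running the affected version, web server logs can be checked for traversal sequences in the 'path' parameter of /admin/file_manager/browse.asp. The following is an added example, not part of the original advisory: the log lines are constructed, and the field layout (date, time, client IP, method, URI stem, URI query, status) is an assumption to adapt to the server's actual log format.

```python
from urllib.parse import unquote

TARGET = "/admin/file_manager/browse.asp"

# Constructed sample lines (not from a real server). Assumed layout:
# date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2012-05-21 10:01:02 192.0.2.10 GET /admin/file_manager/browse.asp path=/images/ 200
2012-05-21 10:01:09 192.0.2.44 GET /admin/file_manager/browse.asp path=../../ 200
2012-05-21 10:01:15 192.0.2.44 GET /admin/file_manager/browse.asp path=%2e%2e%5c%2e%2e%5c 200
2012-05-21 10:01:20 192.0.2.44 GET /Admin/File_Manager/Browse.asp path=docs/%252e%252e/%252e%252e/ 200
2012-05-21 10:01:31 192.0.2.10 GET /default.asp path=../../ 404
2012-05-21 10:01:40 192.0.2.10 GET /admin/file_manager/browse.asp path=/docs/v2..final/ 200
"""

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(path_value):
    """True if any path segment is exactly '..' after decoding."""
    normalized = fully_decode(path_value).replace("\\", "/")
    return ".." in normalized.split("/")

def suspicious_requests(log_text):
    """Return (client_ip, raw_query) for traversal attempts against TARGET."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue  # skip log header directives and short lines
        client_ip, stem, query = fields[2], fields[4], fields[5]
        if stem.lower() != TARGET:  # IIS URL paths are case-insensitive
            continue
        for pair in query.split("&"):
            name, _, value = pair.partition("=")
            if unquote(name).lower() == "path" and has_traversal(value):
                hits.append((client_ip, query))
    return hits

if __name__ == "__main__":
    for ip, query in suspicious_requests(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {query}")
```

Matching on whole '..' segments after decoding avoids flagging ordinary names that merely contain two dots, such as the last sample line.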
The Collective http://www.thecollective.com.au/
Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
2012-05-20: vulnerability disclosed
Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bacuity_cms2.6%20x_(asp)%5D_path_traversal