CVE-2017-9067

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
Configurations

Configuration 1

cpe:2.3:a:modx:modx_revolution:2.5.6:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

History

21 Nov 2024, 03:35

Type | Values Removed | Values Added
References | () https://citadelo.com/en/2017/04/modx-revolution-cms/ - Exploit, Third Party Advisory | () https://citadelo.com/en/2017/04/modx-revolution-cms/ - Exploit, Third Party Advisory
References | () https://github.com/modxcms/revolution/pull/13422 - Third Party Advisory | () https://github.com/modxcms/revolution/pull/13422 - Third Party Advisory
References | () https://github.com/modxcms/revolution/pull/13428 - Third Party Advisory | () https://github.com/modxcms/revolution/pull/13428 - Third Party Advisory

Information

Published : 2017-05-18 16:29

Updated : 2024-11-21 03:35


NVD link : CVE-2017-9067

Mitre link : CVE-2017-9067

CVE.ORG link : CVE-2017-9067



Products Affected

php

  • php

modx

  • modx_revolution
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')