CVE-2017-9067

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:modx:modx_revolution:2.5.6:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-18 16:29

Updated : 2024-02-28 15:44


NVD link : CVE-2017-9067

Mitre link : CVE-2017-9067

CVE.ORG link : CVE-2017-9067


JSON object : View

Products Affected

php

  • php

modx

  • modx_revolution
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')