Description

Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.

Remediation

References

CVE-2017-8115

Related Vulnerabilities

Oracle JRE CVE-2013-2443 Vulnerability (CVE-2013-2443)

Jenkins Insufficient Verification of Data Authenticity Vulnerability (CVE-2015-7539)

WordPress Plugin WP Edit Unspecified Vulnerability (3.0)

Moodle Improper Access Control Vulnerability (CVE-2020-25629)

WordPress Plugin Disclosure Policy 'abspath' Parameter Remote File Include (1.0)

Severity

Medium

Classification

CVE-2017-8115 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities