Description

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

Remediation

References

CVE-2017-9067

Related Vulnerabilities

WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (6.7.6)

WordPress Plugin Protected Posts Logout Button Cross-Site Request Forgery (1.4.4)

Joomla! Core 3.x.x Multiple Vulnerabilities (3.2.0 - 3.6.5)

WordPress Plugin post highlights Cross-Site Scripting (2.6)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4292)

Severity

High

Classification

CVE-2017-9067 CWE-22 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities