Description

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

Remediation

References

CVE-2017-9067

Related Vulnerabilities

Envoy Proxy Use After Free Vulnerability (CVE-2021-43825)

MySQL CVE-2015-0501 Vulnerability (CVE-2015-0501)

WordPress Plugin Rezgo Online Booking Cross-Site Scripting (4.1.7)

Jenkins Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2021-21615)

WordPress Plugin Cf7Save Extension Cross-Site Scripting (1.0)

Severity

High

Classification

CVE-2017-9067 CWE-22 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities