Description

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

Remediation

References

CVE-2017-9067

Related Vulnerabilities

Jboss EAP Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2019-10174)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9849)

WordPress Plugin Ultimate Affiliate Pro Multiple Cross-Site Scripting Vulnerabilities (3.6)

WordPress Plugin Visual CSS Style Editor Cross-Site Request Forgery (7.2.0)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.26)

Severity

High

Classification

CVE-2017-9067 CWE-22 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities