Description

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

Remediation

References

CVE-2017-9067

Related Vulnerabilities

e107 Other Vulnerability (CVE-2006-2591)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17295)

WordPress Plugin AMP extensions Cross-Site Scripting (1.1)

Jenkins Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3666)

WordPress Plugin Thank You Counter Button Cross-Site Scripting (1.8.2)

Severity

High

Classification

CVE-2017-9067 CWE-22 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities