CVE-2017-9067

Опубликовано: 18 мая 2017

Источник: nvd

CVSS3: 7

CVSS2: 4.4

EPSS Низкий

Описание

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

Ссылки

https://citadelo.com/en/2017/04/modx-revolution-cms/
Exploit
Third Party Advisory
https://github.com/modxcms/revolution/pull/13422
Third Party Advisory
https://github.com/modxcms/revolution/pull/13428
Third Party Advisory
https://citadelo.com/en/2017/04/modx-revolution-cms/
Exploit
Third Party Advisory
https://github.com/modxcms/revolution/pull/13422
Third Party Advisory
https://github.com/modxcms/revolution/pull/13428
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:modx:modx_revolution:2.5.6:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00127

Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-cgrv-6h2h-6f7v