Description

Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.

Remediation

References

CVE-2017-8115

Related Vulnerabilities

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0096)

WordPress Plugin WP Symposium Multiple Vulnerabilities (14.05.02)

WordPress Plugin Photospace Responsive Gallery Unspecified Vulnerability (1.1.7)

WordPress Plugin Tapfiliate Cross-Site Scripting (3.0.12)

Drupal Other Vulnerability (CVE-2006-3570)

Severity

Medium

Classification

CVE-2017-8115 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities