Description
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
Remediation
References