CVE-2017-9067: Path Traversal
First published: Thu May 18 2017(Updated: )
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Modx Modx Revolution | =2.5.6 | |
| PHP PHP | =5.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/modx
- canonical/modx modx revolution
- version/modx modx revolution/2.5.6
- vendor/php
- canonical/php php
- version/php php/5.3.3