CVE-2017-9067 – modx/revolution

Package

Manager: composer
Name: modx/revolution
Vulnerable Version: >=0 <2.5.7

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00127 pctl0.32727

Details

MODX Revolution Directory Traversal Vulnerability In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

Metadata

Created: 2022-05-17T02:43:12Z
Modified: 2025-04-22T18:42:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cgrv-6h2h-6f7v/GHSA-cgrv-6h2h-6f7v.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-cgrv-6h2h-6f7v
Finding: F063
Auto approve: 1