Required CVE Record Information
Description
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.
References 7 Total
- securityreason.com: 3522 third-party-advisory
- secunia.com: 28220 third-party-advisory
- http://modxcms.com/forums/index.php/topic%2C21290.0.html
- exchange.xforce.ibmcloud.com: modx-ajaxsearch-file-include(39352) vdb-entry
- securityfocus.com: 27097 vdb-entry
- securityfocus.com: 20080102 MODx CMS Source code disclosure, local file inclusion mailing-list
- securityfocus.com: 27096 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- securityreason.com: 3522 third-party-advisory x_transferred
- secunia.com: 28220 third-party-advisory x_transferred
- http://modxcms.com/forums/index.php/topic%2C21290.0.html x_transferred
- exchange.xforce.ibmcloud.com: modx-ajaxsearch-file-include(39352) vdb-entry x_transferred
- securityfocus.com: 27097 vdb-entry x_transferred
- securityfocus.com: 20080102 MODx CMS Source code disclosure, local file inclusion mailing-list x_transferred
- securityfocus.com: 27096 vdb-entry x_transferred