Main Vulnerability Database Vulnerabilities #VU39103

#VU39103 Path traversal in MODX Revolution - CVE-2017-8115

Published: April 25, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39103

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-8115

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
MODX Revolution

Software vendor:
MODX

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.

Remediation

Install update from vendor's website.

External links

https://github.com/modxcms/revolution/issues/13432
https://github.com/modxcms/revolution/pull/13433