CVE-2017-8115 - OpenCVE

Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Modx	Modx Revolution

Configuration 1 [-]

cpe:2.3:a:modx:modx_revolution:2.5.7:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/modxcms/revolution/issues/13432	Third Party Advisory
https://github.com/modxcms/revolution/pull/13433	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:05

Updated: 2022-10-03T16:23:05

Reserved: 2022-10-03T00:00:00

Link: CVE-2017-8115

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-04-25T19:59:00.427

Modified: 2017-05-05T17:57:50.337

Link: CVE-2017-8115

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:modx:modx_revolution:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "5E69041C-F126-4D58-9735-BA111D7A374F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote attackers to obtain system directory information."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en setup/processors/url_search.php en MODX Revolution versi\u00f3n 2.5.7, que permitir\u00eda a atacantes remotos obtener informaci\u00f3n del directorio del sistema."}], "id": "CVE-2017-8115", "lastModified": "2017-05-05T17:57:50.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-25T19:59:00.427", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/modxcms/revolution/issues/13432"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/modxcms/revolution/pull/13433"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}