CVE-2017-9067 - OpenCVE

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Php
Modx	Modx Revolution

Configuration 1 [-]

cpe:2.3:a:modx:modx_revolution:2.5.6:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

References

Link	Resource
https://citadelo.com/en/2017/04/modx-revolution-cms/	Exploit Third Party Advisory
https://github.com/modxcms/revolution/pull/13422	Third Party Advisory
https://github.com/modxcms/revolution/pull/13428	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:08

Updated: 2022-10-03T16:23:08

Reserved: 2022-10-03T00:00:00

Link: CVE-2017-9067

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-05-18T16:29:00.157

Modified: 2017-05-31T15:07:55.447

Link: CVE-2017-9067

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:23:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/modxcms/revolution/pull/13428"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/modxcms/revolution/pull/13422"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9067", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://citadelo.com/en/2017/04/modx-revolution-cms/", "refsource": "MISC", "url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"}, {"name": "https://github.com/modxcms/revolution/pull/13428", "refsource": "MISC", "url": "https://github.com/modxcms/revolution/pull/13428"}, {"name": "https://github.com/modxcms/revolution/pull/13422", "refsource": "MISC", "url": "https://github.com/modxcms/revolution/pull/13422"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9067", "datePublished": "2022-10-03T16:23:08", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:23:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:modx:modx_revolution:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "B6F55854-0593-47D3-B84B-810C2D41A37F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal."}, {"lang": "es", "value": "En MODX Revolution anterior a versi\u00f3n 2.5.7, cuando se utiliza PHP versi\u00f3n 5.3.3, un atacante es capaz de incluir y ejecutar archivos arbitrarios en el servidor web debido a la comprobaci\u00f3n insuficiente del par\u00e1metro action en el archivo setup/index.php, tambi\u00e9n se conoce como salto de directorio."}], "id": "CVE-2017-9067", "lastModified": "2017-05-31T15:07:55.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-18T16:29:00.157", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/modxcms/revolution/pull/13422"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/modxcms/revolution/pull/13428"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}