Lucene search

[email protected]CVE-2007-0659

HistoryFeb 01, 2007 - 10:28 p.m.

CVE-2007-0659

2007-02-0122:28:00

[email protected]

web.nvd.nist.gov

muddydogpaws

filedownload

modx

cve-2007-0659

security vulnerability

remote attackers

arbitrary files

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.1%

JSON

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

Affected configurations

NVD

Node

modxcmsfiledownloadMatch1.7

modxcmsfiledownloadMatch2.0

CPENameOperatorVersion
modxcms:filedownloadmodxcms filedownloadeq1.7
modxcms:filedownloadmodxcms filedownloadeq2.0

CPE	Name	Operator	Version
modxcms:filedownload	modxcms filedownload	eq	1.7
modxcms:filedownload	modxcms filedownload	eq	2.0

References

modxcms.com/forums/index.php/topic%2C10470.0.html

secunia.com/advisories/23953

www.muddydogpaws.com/Home.html

www.securityfocus.com/bid/22327

www.vupen.com/english/advisories/2007/0426

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.1%

JSON

Related for CVE-2007-0659

prion1 nvd1 cvelist1 securityvulns1