CVE-2007-0659

2007-02-0122:00:00

mitre

www.cve.org

AI Score

6.8

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

References

modxcms.com/forums/index.php/topic%2C10470.0.html

secunia.com/advisories/23953

www.muddydogpaws.com/Home.html

www.securityfocus.com/bid/22327

www.vupen.com/english/advisories/2007/0426