Lucene search

[email protected]NVD:CVE-2007-0659

HistoryFeb 01, 2007 - 10:28 p.m.

CVE-2007-0659

2007-02-0122:28:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

Affected configurations

Nvd

Node

modxcmsfiledownloadMatch1.7

modxcmsfiledownloadMatch2.0

VendorProductVersionCPE
modxcmsfiledownload1.7cpe:2.3:a:modxcms:filedownload:1.7:*:*:*:*:*:*:*
modxcmsfiledownload2.0cpe:2.3:a:modxcms:filedownload:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
modxcms	filedownload	1.7	cpe:2.3:a:modxcms:filedownload:1.7:::::::*
modxcms	filedownload	2.0	cpe:2.3:a:modxcms:filedownload:2.0:::::::*

References

modxcms.com/forums/index.php/topic%2C10470.0.html

secunia.com/advisories/23953

www.muddydogpaws.com/Home.html

www.securityfocus.com/bid/22327

www.vupen.com/english/advisories/2007/0426

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

Related for NVD:CVE-2007-0659

prion1 cve1 cvelist1 securityvulns1