download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
CPE | Name | Operator | Version |
---|---|---|---|
filedownload | eq | 2.0 | |
filedownload | eq | 1.7 |