Design/Logic Flaw

2007-02-0122:28:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

CPENameOperatorVersion
filedownloadeq2.0
filedownloadeq1.7

CPE	Name	Operator	Version
	filedownload	eq	2.0
	filedownload	eq	1.7

References

modxcms.com/forums/index.php/topic%2C10470.0.html

secunia.com/advisories/23953

www.muddydogpaws.com/Home.html

www.securityfocus.com/bid/22327

www.vupen.com/english/advisories/2007/0426