EUVD-2006-5715

PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. NOTE: it is possible that this is a vulnerability in FCKeditor...

MODx CMS 0.9.1 - 'index.php' Directory Traversal

source: https://www.securityfocus.com/bid/17533/info MODxCMS is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable syst...