Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.4
CVE Id: CVE-2008-0094
Last Modified: 11 Oct 2008 01:48:31
Published: 07 Jan 2008 09:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-0094

Summary

Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.

Vulnerable Systems

Application

  • Modxcms 0.9.6.1


References

SECUNIA - 28220

XF - modx-ajaxsearch-file-include(39352)

BID - 27097

BID - 27096

BUGTRAQ - 20080102 MODx CMS Source code disclosure, local file inclusion

CONFIRM - http://modxcms.com/forums/index.php/topic,21290.0.html

SREASON - 3522


Last Updated: 27 May 2016 10:46:40