Vulnerability Details CVE-2007-0659
download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://modxcms.com/forums/index.php/topic%2C10470.0.html
- http://secunia.com/advisories/23953
- http://www.muddydogpaws.com/Home.html
- http://www.securityfocus.com/bid/22327
- http://www.vupen.com/english/advisories/2007/0426
- http://modxcms.com/forums/index.php/topic%2C10470.0.html
- http://secunia.com/advisories/23953
- http://www.muddydogpaws.com/Home.html
- http://www.securityfocus.com/bid/22327
- http://www.vupen.com/english/advisories/2007/0426
Products affected by CVE-2007-0659
-
cpe:2.3:a:modxcms:filedownload:1.7
-
cpe:2.3:a:modxcms:filedownload:2.0