GHSA-cgrv-6h2h-6f7v

Source

https://github.com/advisories/GHSA-cgrv-6h2h-6f7v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cgrv-6h2h-6f7v/GHSA-cgrv-6h2h-6f7v.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-cgrv-6h2h-6f7v

Aliases

CVE-2017-9067

Published

2022-05-17T02:43:12Z

Modified

2025-04-22T19:12:06.041863Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

MODX Revolution Directory Traversal Vulnerability

Details

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

Database specific

{
    "severity": "HIGH",
    "github_reviewed_at": "2025-04-22T18:42:58Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2017-05-18T16:29:00Z"
}

References

Affected packages

Packagist / modx/revolution

Package

Name: modx/revolution
Purl: pkg:composer/modx/revolution

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.7

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cgrv-6h2h-6f7v/GHSA-cgrv-6h2h-6f7v.json"