CVE-2006-1821 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Modxcms	Modxcms

Configuration 1 [-]

cpe:2.3:a:modxcms:modxcms:0.9.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/19645
http://securitytracker.com/id?1015940
http://www.securityfocus.com/archive/1/431010/100/0/threaded
http://www.securityfocus.com/bid/17533
http://www.vupen.com/english/advisories/2006/1383
https://exchange.xforce.ibmcloud.com/vulnerabilities/25895

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-18T10:00:00

Updated: 2024-08-07T17:27:28.998Z

Reserved: 2006-04-17T00:00:00

Link: CVE-2006-1821

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-18T10:02:00.000

Modified: 2024-11-21T00:09:50.547

Link: CVE-2006-1821

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19645", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19645"}, {"name": "20060414 Vulnerabilities in MODx", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/431010/100/0/threaded"}, {"name": "modx-index-directory-traversal(25895)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25895"}, {"name": "ADV-2006-1383", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1383"}, {"name": "17533", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17533"}, {"name": "1015940", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015940"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1821", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19645", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19645"}, {"name": "20060414 Vulnerabilities in MODx", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/431010/100/0/threaded"}, {"name": "modx-index-directory-traversal(25895)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25895"}, {"name": "ADV-2006-1383", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1383"}, {"name": "17533", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17533"}, {"name": "1015940", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015940"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:27:28.998Z"}, "title": "CVE Program Container", "references": [{"name": "19645", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19645"}, {"name": "20060414 Vulnerabilities in MODx", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/431010/100/0/threaded"}, {"name": "modx-index-directory-traversal(25895)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25895"}, {"name": "ADV-2006-1383", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1383"}, {"name": "17533", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17533"}, {"name": "1015940", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015940"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1821", "datePublished": "2006-04-18T10:00:00", "dateReserved": "2006-04-17T00:00:00", "dateUpdated": "2024-08-07T17:27:28.998Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:modxcms:modxcms:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E02443C7-BCFC-44B8-B7F0-490B01DD4220", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter."}], "evaluatorSolution": "To address this issue, the vendor has released a patch available at the following location:\r\n\r\nhttp://modxcms.com/forums/index.php/topic,3982.0.html", "id": "CVE-2006-1821", "lastModified": "2024-11-21T00:09:50.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-18T10:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19645"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015940"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/431010/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17533"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1383"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25895"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/431010/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17533"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25895"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}