CVE-2017-9067 - Vulnerability Details - OpenCVE

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Key SSVC decision points have not yet been added.

Vendors	Products
Modx	Modx Revolution
Php	Php

Configuration 1 [-]

cpe:2.3:a:modx:modx_revolution:2.5.6:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2017-18006	MODX Revolution Directory Traversal Vulnerability
Github GHSA	GHSA-cgrv-6h2h-6f7v	MODX Revolution Directory Traversal Vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://citadelo.com/en/2017/04/modx-revolution-cms/
https://github.com/modxcms/revolution/pull/13422
https://github.com/modxcms/revolution/pull/13428

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-05-18T16:00:00Z

Updated: 2024-09-16T20:32:21.759Z

Reserved: 2017-05-18T00:00:00Z

Link: CVE-2017-9067

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-05-18T16:29:00.157

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-9067

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-18T16:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/modxcms/revolution/pull/13428"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/modxcms/revolution/pull/13422"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9067", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://citadelo.com/en/2017/04/modx-revolution-cms/", "refsource": "MISC", "url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"}, {"name": "https://github.com/modxcms/revolution/pull/13428", "refsource": "MISC", "url": "https://github.com/modxcms/revolution/pull/13428"}, {"name": "https://github.com/modxcms/revolution/pull/13422", "refsource": "MISC", "url": "https://github.com/modxcms/revolution/pull/13422"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:55:21.879Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/modxcms/revolution/pull/13428"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/modxcms/revolution/pull/13422"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9067", "datePublished": "2017-05-18T16:00:00Z", "dateReserved": "2017-05-18T00:00:00Z", "dateUpdated": "2024-09-16T20:32:21.759Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:modx:modx_revolution:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "B6F55854-0593-47D3-B84B-810C2D41A37F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal."}, {"lang": "es", "value": "En MODX Revolution anterior a versi\u00f3n 2.5.7, cuando se utiliza PHP versi\u00f3n 5.3.3, un atacante es capaz de incluir y ejecutar archivos arbitrarios en el servidor web debido a la comprobaci\u00f3n insuficiente del par\u00e1metro action en el archivo setup/index.php, tambi\u00e9n se conoce como salto de directorio."}], "id": "CVE-2017-9067", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-18T16:29:00.157", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/modxcms/revolution/pull/13422"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/modxcms/revolution/pull/13428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://citadelo.com/en/2017/04/modx-revolution-cms/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/modxcms/revolution/pull/13422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/modxcms/revolution/pull/13428"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}