CVE-2018-1000207 - OpenCVE

MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Modx	Modx Revolution

Configuration 1 [-]

cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/a2u/CVE-2018-1000207
https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68
https://github.com/modxcms/revolution/pull/13979
https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-13T18:00:00

Updated: 2024-08-05T12:40:46.808Z

Reserved: 2018-07-09T00:00:00

Link: CVE-2018-1000207

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-07-13T18:29:00.270

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-1000207

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-07-10T00:00:00", "datePublic": "2018-07-09T00:00:00", "descriptions": [{"lang": "en", "value": "MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-07-16T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/modxcms/revolution/pull/13979"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/a2u/CVE-2018-1000207"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-07-10T20:50:24.882222", "DATE_REQUESTED": "2018-07-09T16:32:07", "ID": "CVE-2018-1000207", "REQUESTER": "security@agel-nash.ru", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4", "refsource": "MISC", "url": "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4"}, {"name": "https://github.com/modxcms/revolution/pull/13979", "refsource": "CONFIRM", "url": "https://github.com/modxcms/revolution/pull/13979"}, {"name": "https://github.com/a2u/CVE-2018-1000207", "refsource": "MISC", "url": "https://github.com/a2u/CVE-2018-1000207"}, {"name": "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68", "refsource": "CONFIRM", "url": "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:40:46.808Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/modxcms/revolution/pull/13979"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/a2u/CVE-2018-1000207"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000207", "datePublished": "2018-07-13T18:00:00", "dateReserved": "2018-07-09T00:00:00", "dateUpdated": "2024-08-05T12:40:46.808Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF008510-C712-4018-9E0B-022CFA929190", "versionEndIncluding": "2.6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68."}, {"lang": "es", "value": "MODX Revolution en versiones iguales o anteriores a la 2.6.4 contiene una vulnerabilidad de control de acceso incorrecto en el filtrado de par\u00e1metros user antes de pasarlos a la clase phpthumb, lo que puede resultar en la creaci\u00f3n de un archivo con un nombre de archivo y un contenido personalizados. Parece ser que este ataque puede ser explotado mediante una petici\u00f3n web. La vulnerabilidad parece haber sido solucionada en el commit con ID 06bc94257408f6a575de20ddb955aca505ef6e68."}], "id": "CVE-2018-1000207", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-13T18:29:00.270", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://github.com/a2u/CVE-2018-1000207"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/modxcms/revolution/pull/13979"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}