Modx FileDownload Snippet Arbitrary File Download Vulnerability
BID:22327
Info
Modx FileDownload Snippet Arbitrary File Download Vulnerability
| Bugtraq ID: | 22327 |
| Class: | Unknown |
| CVE: |
CVE-2007-0659 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 31 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Jason Coward is disclosed this issue. |
| Vulnerable: |
MODxCMS FileDownload 2.4 |
| Not Vulnerable: |
MODxCMS FileDownload 2.5 |
Discussion
Modx FileDownload Snippet Arbitrary File Download Vulnerability
FileDownload is prone to an issue that allows an attacker to download arbitrary files.
The attacker can exploit this issue to obtain sensitive information and download arbitrary files from the webserver.
FileDownload versions prior to 2.5 are vulnerable to this issue.
FileDownload is prone to an issue that allows an attacker to download arbitrary files.
The attacker can exploit this issue to obtain sensitive information and download arbitrary files from the webserver.
FileDownload versions prior to 2.5 are vulnerable to this issue.
Exploit / POC
Modx FileDownload Snippet Arbitrary File Download Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Modx FileDownload Snippet Arbitrary File Download Vulnerability
Solution:
The vendor has addressed this issue in version 2.5. Please see the references for more information.
Solution:
The vendor has addressed this issue in version 2.5. Please see the references for more information.
References
Modx FileDownload Snippet Arbitrary File Download Vulnerability
References:
References:
- FileDownload Changelog (ModxCMS)
- FileDownload exploit! (Modx)
- Vendor Homepage (MODx)