CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-5941
https://notcve.org/view.php?id=CVE-2008-5941
22 Jan 2009 — Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en MODx 0.9.6.1p2 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos. • http://jvn.jp/en/jp/JVN66828183/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5942
https://notcve.org/view.php?id=CVE-2008-5942
22 Jan 2009 — Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en MODx anterior a v0.9.6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con (1) la función pre... • http://jvn.jp/en/jp/JVN10170564/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 9%CPEs: 1EXPL: 4CVE-2008-0094 – MODx 0.9.6.1 - 'AjaxSearch.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-0094
08 Jan 2008 — Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. Múltiples vulnerabilidades de salto de directorio en MODx Content Management System 0.9.6.1 permiten a atacantes remotos (1) ... • https://www.exploit-db.com/exploits/30969 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5371
https://notcve.org/view.php?id=CVE-2007-5371
11 Oct 2007 — Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter. Múltiples vulnerabilidades de inyección SQL en mutate_content.dynamic.php de MODx 0.9.6 permiten a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) documentDirty o (2) modVariables. • http://osvdb.org/38584 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2007-0659
https://notcve.org/view.php?id=CVE-2007-0659
01 Feb 2007 — download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials. download.php en el fragmento de código MuddyDogPaws FileDownload versiones anteriores a 2.5 para MODx, permite a atacantes remotos descargar ficheros de su elección, como se demuestra descargando config.inc.php para obtener credenciales de base de datos. • http://modxcms.com/forums/index.php/topic%2C10470.0.html •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 2CVE-2006-5730 – MODx CMS 0.9.2.1 - 'FCKeditor' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-5730
06 Nov 2006 — PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. Vulnerabilidad de inclusión remota de archivo en PHP en manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php en Modx CMS 0.9.2.1 y anteriores permite a atacantes remotos ejecutar código PHP de su elecci... • https://www.exploit-db.com/exploits/2706 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2006-1820 – MODx CMS 0.9.1 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1820
18 Apr 2006 — Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. • https://www.exploit-db.com/exploits/27648 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2006-1821 – MODx CMS 0.9.1 - 'index.php' Directory Traversal
https://notcve.org/view.php?id=CVE-2006-1821
18 Apr 2006 — Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. • https://www.exploit-db.com/exploits/27649 •