Page 2 of 9 results (0.010 seconds)

CVSS: 6.8EPSS: 4%CPEs: 7EXPL: 2

PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter. Vulnerabilidad de inclusión remota de archivos en PHP en assets/snippets/reflect/snippet.reflect.php en MODx CMS v0.9.6.2 y versiones anteriores, cuando magic_quotes_gpc no está activo, permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro "reflect_base". • https://www.exploit-db.com/exploits/7204 http://secunia.com/advisories/32824 http://securityreason.com/securityalert/4940 http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt http://www.securityfocus.com/bid/32436 http://www.vupen.com/english/advisories/2008/3236 https://exchange.xforce.ibmcloud.com/vulnerabilities/46797 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.1EPSS: 10%CPEs: 2EXPL: 2

PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. Vulnerabilidad de inclusión remota de archivo en PHP en manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php en Modx CMS 0.9.2.1 y anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro base_path. NOTA: es posible que esta sea una vulnerabilidad en FCKeditor. • https://www.exploit-db.com/exploits/2706 http://secunia.com/advisories/22675 http://www.osvdb.org/30186 http://www.securityfocus.com/bid/20898 http://www.vupen.com/english/advisories/2006/4346 https://exchange.xforce.ibmcloud.com/vulnerabilities/29989 •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. • https://www.exploit-db.com/exploits/27648 http://secunia.com/advisories/19645 http://securitytracker.com/id?1015940 http://www.securityfocus.com/archive/1/431010/100/0/threaded http://www.securityfocus.com/bid/17533 http://www.vupen.com/english/advisories/2006/1383 https://exchange.xforce.ibmcloud.com/vulnerabilities/25894 •

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 1

Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. • https://www.exploit-db.com/exploits/27649 http://secunia.com/advisories/19645 http://securitytracker.com/id?1015940 http://www.securityfocus.com/archive/1/431010/100/0/threaded http://www.securityfocus.com/bid/17533 http://www.vupen.com/english/advisories/2006/1383 https://exchange.xforce.ibmcloud.com/vulnerabilities/25895 •