Page 3 of 13 results (0.007 seconds)

CVSS: 5.1EPSS: 10%CPEs: 2EXPL: 2

PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. Vulnerabilidad de inclusión remota de archivo en PHP en manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php en Modx CMS 0.9.2.1 y anteriores permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro base_path. NOTA: es posible que esta sea una vulnerabilidad en FCKeditor. • https://www.exploit-db.com/exploits/2706 http://secunia.com/advisories/22675 http://www.osvdb.org/30186 http://www.securityfocus.com/bid/20898 http://www.vupen.com/english/advisories/2006/4346 https://exchange.xforce.ibmcloud.com/vulnerabilities/29989 •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. • https://www.exploit-db.com/exploits/27648 http://secunia.com/advisories/19645 http://securitytracker.com/id?1015940 http://www.securityfocus.com/archive/1/431010/100/0/threaded http://www.securityfocus.com/bid/17533 http://www.vupen.com/english/advisories/2006/1383 https://exchange.xforce.ibmcloud.com/vulnerabilities/25894 •

CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 1

Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. • https://www.exploit-db.com/exploits/27649 http://secunia.com/advisories/19645 http://securitytracker.com/id?1015940 http://www.securityfocus.com/archive/1/431010/100/0/threaded http://www.securityfocus.com/bid/17533 http://www.vupen.com/english/advisories/2006/1383 https://exchange.xforce.ibmcloud.com/vulnerabilities/25895 •