CVE-2017-9067

{"id": "CVE-2017-9067", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2017-05-18T16:29:00.157", "references": [{"url": "https://citadelo.com/en/2017/04/modx-revolution-cms/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/modxcms/revolution/pull/13422", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/modxcms/revolution/pull/13428", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal."}, {"lang": "es", "value": "En MODX Revolution anterior a versi\u00f3n 2.5.7, cuando se utiliza PHP versi\u00f3n 5.3.3, un atacante es capaz de incluir y ejecutar archivos arbitrarios en el servidor web debido a la comprobaci\u00f3n insuficiente del par\u00e1metro action en el archivo setup/index.php, tambi\u00e9n se conoce como salto de directorio."}], "lastModified": "2017-05-31T15:07:55.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:modx:modx_revolution:2.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6F55854-0593-47D3-B84B-810C2D41A37F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0F40E4A-E125-4099-A8B3-D42614AA9312"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}