Published:2011/01/26  Last Updated:2011/01/26

JVN#95385972
MODx Evolution vulnerable to directory traversal

Overview

MODx Evolution contains a directory traversal vulnerability.

Products Affected

  • MODx Evolution 1.0.4 and earlier

Description

MODx provided by the MODx CMS Project is a Content Management System (CMS) software. MODx contains a directory traversal vulnerability.

Impact

A remote attacker may access or view arbitrary files on the server.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

References

JPCERT/CC Addendum


Vulnerability Analysis by JPCERT/CC

Analyzed on 2011.01.26

Measures Conditions Severity
Access Required can be attacked over the Internet using packets
  • High
Authentication anonymous or no authentication (IP addresses do not count)
  • High
User Interaction Required the vulnerability can be exploited without an honest user taking any action
  • High
Exploit Complexity some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls)
  • Mid-High

Description of each analysis measures

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2010-3930
JVN iPedia JVNDB-2011-000009