Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2017-9067 - Vulnerability Database
PHP

PHP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2017-9067

High
Reference: CVE-2017-9067
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-9067
Title: PHP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

In MODX Revolution before 2.5.7 when PHP 5.3.3 is used an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php aka directory traversal.