漏洞类别:CGI
漏洞等级: 
漏洞信息
MODX (originally MODx) is a free, open source content management system and web application framework for publishing content on the world wide web and intranets.
MODX Revolution contains the following vulnerabilities:
CVE-2017-9067: When PHP 5.3.3 is used in MODX Revolution, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to the setup/index.php source file, aka directory traversal.
CVE-2017-9068: An unauthenticated, remote attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
CVE-2017-9069: An authenticated, remote attacker with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
CVE-2017-9070: An authenticated, remote attacker with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to the connectors/index.php source file.
CVE-2017-9071: An unauthenticated, remote attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.
Affected Versions:
MODX Revolution prior to 2.5.7
QID Detection Logic:
This unauthenticated QID leverages the BlindElephant engine to detect vulnerable MODX Revolution versions.
漏洞危害
Depending on the vulnerability being exploited, an attacker could execute arbitrary code, gain access to arbitrary files or conduct cross-site scripting attacks on a targeted system.
解决方案
Customers are advised to upgrade to MODX Revolution 2.5.7 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论