CVE-2007-0659

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://modxcms.com/forums/index.php/topic,10470.0.html	Vendor Advisory
http://www.muddydogpaws.com/Home.html
http://www.securityfocus.com/bid/22327	Patch
http://secunia.com/advisories/23953	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2007/0426

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:modxcms:filedownload:1.7:::::::*
	cpe:2.3:a:modxcms:filedownload:2.0:::::::*

Information

Published : 2007-02-01 14:28

Updated : 2011-03-07 18:50

NVD link : CVE-2007-0659

Mitre link : CVE-2007-0659

JSON object : View

CWE

NVD-CWE-Other

Products Affected

modxcms

filedownload

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://modxcms.com/forums/index.php/topic,10470.0.html", "name": "http://modxcms.com/forums/index.php/topic,10470.0.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.muddydogpaws.com/Home.html", "name": "http://www.muddydogpaws.com/Home.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/22327", "name": "22327", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/23953", "name": "23953", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/0426", "name": "ADV-2007-0426", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0659", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-02-01T22:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:modxcms:filedownload:1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:modxcms:filedownload:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:50Z"}

7.5 /10