CVE-2010-3930

2011-02-02 02:00:03 2011-02-12 07:44:30

Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Modxcms Evolution 0.9.1 (not an official CPE) Modxcms Evolution 0.9.6.1 P1 (not an official CPE) Modxcms Evolution 0.9.0 (not an official CPE) Modxcms Evolution 0.9.2.1 (not an official CPE) Modxcms Evolution 0.9.6.1 (not an official CPE) Modxcms Evolution 0.9.6.2 (not an official CPE) Modxcms Evolution 1.0.4 (not an official CPE) Modxcms Evolution 0.9.5 (not an official CPE) Modxcms Evolution 0.9.6 (not an official CPE) Modxcms Evolution 1.0.3 (not an official CPE) Modxcms Evolution 1.0.2 (not an official CPE)

Modxcms - Evolution

Advisory	Patch	Confirmed	Link
			70772
			http://modxcms.com/forums/index.php/topic,60045.0.html
			JVNDB-2011-000009
			JVN#95385972

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)

Related CVE(s) 1 CVE-2010-1427 CVSS 4.3