Vulnerabilities > CVE-2006-1821 - Directory Traversal vulnerability in Modxcms 0.9.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. To address this issue, the vendor has released a patch available at the following location: http://modxcms.com/forums/index.php/topic,3982.0.html
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | MODxCMS 0.9.1 Index.PHP Directory Traversal Vulnerability. CVE-2006-1821. Webapps exploit for php platform |
| id | EDB-ID:27649 |
| last seen | 2016-02-03 |
| modified | 2006-04-14 |
| published | 2006-04-14 |
| reporter | Rusydi Hasan |
| source | https://www.exploit-db.com/download/27649/ |
| title | MODxCMS 0.9.1 Index.PHP Directory Traversal Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | MODX_091A.NASL |
| description | The remote host is running MODx, a content management system written in PHP. The version of MODx installed on the remote host fails to sanitize input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21235 |
| published | 2006-04-17 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/21235 |
| title | MODx < 0.9.1a Multiple Vulnerabilities |