Vulnerabilities > CVE-2006-5730 - Remote File Include vulnerability in Modxcms 0.9.1
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. NOTE: it is possible that this is a vulnerability in FCKeditor. Successful exploitation requires that "register_globals" is enabled.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | MODx CMS. CVE-2006-5730. Webapps exploit for php platform |
| file | exploits/php/webapps/2706.txt |
| id | EDB-ID:2706 |
| last seen | 2016-01-31 |
| modified | 2006-11-03 |
| platform | php |
| port | |
| published | 2006-11-03 |
| reporter | nuffsaid |
| source | https://www.exploit-db.com/download/2706/ |
| title | MODx CMS <= 0.9.2.1 - FCKeditor Remote File Include Vulnerability |
| type | webapps |
Nessus
| NASL family | CGI abuses |
| NASL id | MODX_0921_RFI.NASL |
| description | The remote web server is running MODx CMS, an open source content management system. The version of MODx CMS installed on the remote host fails to sanitize input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 23641 |
| published | 2006-11-14 |
| reporter | This script is Copyright (C) 2006-2018 Justin Seitz |
| source | https://www.tenable.com/plugins/nessus/23641 |
| title | MODx CMS base_path Parameter Remote File Inclusion |