CVE-2006-1821

Name of the Vulnerable Software and Affected Versions ModX version 0.9.1

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file. This is achieved by using a .. (dot dot) sequence and a trailing NULL (%00) byte in the id parameter.

Recommendations For ModX version 0.9.1, consider restricting access to the id parameter in the index.php file to minimize the risk of exploitation. Avoid using the id parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.