PT-2009-1413 · Modx · Modx Cms

Romancyxhacker · Published 2009-01-22 · Updated 2017-09-29 · CVE-2008-5938

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MODx CMS versions 0.9.6.2 and earlier

Description

The issue allows remote attackers to execute arbitrary PHP code when magic_quotes_gpc is disabled. This is achieved via a URL in the reflect_base parameter.

Recommendations

For MODx CMS versions 0.9.6.2 and earlier, consider disabling the reflect snippet or restricting access to the assets/snippets/reflect/snippet.reflect.php file until a patch is available. Additionally, enabling magic_quotes_gpc can help mitigate this issue.
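
An added example, not part of the original advisory or of MODx: a log check that flags requests to the file named above, separating those whose reflect_base parameter carries a URL from other direct requests. The combined access-log format, the constructed sample lines, and the choice to treat any direct request to the snippet file as worth review are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

VULN_PATH = "assets/snippets/reflect/snippet.reflect.php"  # path from the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A scheme prefix means the parameter holds a URL rather than a local path.
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jan/2009:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Jan/2009:10:00:05 +0000] "GET /assets/snippets/reflect/'
    'snippet.reflect.php?reflect_base=http%3A%2F%2Fhost.example%2F HTTP/1.1" 200 312',
    '198.51.100.7 - - [22/Jan/2009:10:00:09 +0000] "GET /assets/snippets/reflect/'
    'snippet.reflect.php HTTP/1.1" 200 0',
    '203.0.113.4 - - [22/Jan/2009:10:01:00 +0000] "GET /cms/Assets/snippets/reflect/'
    'snippet.reflect.php?reflect_base=FTP://host.example/x HTTP/1.0" 200 17',
]

def classify(line):
    """Return 'remote-url', 'direct-access', or None for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    # Decode and lowercase the path so encoded or mixed-case variants still match.
    if not unquote(parts.path).lower().endswith(VULN_PATH):
        return None
    # parse_qs percent-decodes values, so an encoded URL is recognised too.
    params = parse_qs(parts.query, keep_blank_values=True)
    if any(SCHEME_RE.match(value) for value in params.get("reflect_base", [])):
        return "remote-url"
    # Assumption: the snippet is loaded by MODx itself, so a direct hit is unusual.
    return "direct-access"

def scan(lines):
    """Return (line_number, verdict) for every line that needs review."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Access logs normally record only the query string, so a parameter sent in a request body would appear here as direct-access rather than remote-url.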

Exploit

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2008-5938

Affected Products

Modx Cms