Description
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70772
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000009.html
Various Sources x_refsource_confirm
http://modxcms.com/forums/index.php/topic%2C60045.0.html
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN95385972/index.html
Scores
EPSS
0.0239
EPSS Percentile
81.9%
Details
CWE
CWE-22
Status
published
Products (10)
modxcms/evolution
0.9.0
modxcms/evolution
0.9.1
modxcms/evolution
0.9.2.1
modxcms/evolution
0.9.5
modxcms/evolution
0.9.6
modxcms/evolution
0.9.6.1 (2 CPE variants)
modxcms/evolution
0.9.6.2
modxcms/evolution
1.0.2
modxcms/evolution
1.0.3
modxcms/evolution
< 1.0.4
Published
Feb 02, 2011
Tracked Since
Feb 18, 2026