CVE-2017-9069

描述

In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.

受影響套件(1)

• Packagist/modx/revolutionfrom 0, < 2.5.7

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-9069
• PATCHhttps://github.com/modxcms/revolution
• WEBhttps://citadelo.com/en/2017/04/modx-revolution-cms
• WEBhttps://github.com/modxcms/revolution/pull/13423