Directory traversal vulnerability in MODX 2.5.7 search page, please confirm! #13432
Comments
|
Please responsibly disclose security issues via security@modx.com, not in a public issue. |
|
Oh, sorry. I have already sent it to your mail; my email is fantasy7082@hotmail.com |
|
Have you scheduled 2.5.8 release already? |
|
@Mark-H is this already looked into? |
|
It's very confusing to leave issues like this open for over a year. Nothing about this issue in ChangeLog. |
|
Looked up the related responsible disclosure, yes this was addressed. The issue is confusing but basically files that no longer served a purpose exposed a vulnerability, so those files were removed entirely in #13433. |
Summary
Hello, I found a directory traversal vulnerability in the search page. The reproduction is below:
Step to reproduce
I have already sent it to your mail, my email is fantasy7082@hotmail.com
Observed behavior
It will cause the system directory information to leak
Expected behavior
It will not cause the system directory information to leak
Environment
MODX version, 2.5.7