Test ID:	1.3.6.1.4.1.25623.1.0.80072
Category:	Web application abuses
Title:	MODX CMS < 0.9.2.2 RFI Vulnerability - Active Check
Summary:	MODX CMS is prone to a remote file inclusion (RFI); vulnerability.
Description:	Summary: MODX CMS is prone to a remote file inclusion (RFI) vulnerability. Vulnerability Insight: MODX CMS fails to sanitize input to the 'base_path' parameter before using it in the 'manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php' script to include PHP code. Vulnerability Impact: Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker can exploit this issue to view arbitrary files and execute arbitrary code, possibly taken from third-party hosts, on the remote host. Solution: Update to version 0.9.2.2 or later. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5730 BugTraq ID: 20898 http://www.securityfocus.com/bid/20898 https://www.exploit-db.com/exploits/2706 http://www.osvdb.org/30186 http://secunia.com/advisories/22675 http://www.vupen.com/english/advisories/2006/4346 XForce ISS Database: modx-thumbnail-file-include(29989) https://exchange.xforce.ibmcloud.com/vulnerabilities/29989
Copyright	Copyright (C) 2008 Justin Seitz

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.