Detections
Analytics
MODx config.js.php Information Disclosure
medium Nessus Plugin ID 40419
Language:
Synopsis
The remote web server contains a PHP script that is affected by an information disclosure vulnerability.Description
The remote web server is running MODx, an open source content management system.The version of MODx installed on the remote host fails to limit access to the 'core/model/modx/processors/system/config.js.php' script before returning the application's configuration settings, including database credentials. An unauthenticated, remote attacker may be able to use this information for further attacks.
Solution
Upgrade to revision 5505 from the subversion repository or apply the patch referenced above in the project advisory.See Also
http://svn.modxcms.com/crucible/changelog/modx/?cs=5501
https://forums.modx.com/index.php/topic,37961.msg229068.html
Plugin Details
Severity: Medium
ID: 40419
File Name: modx_config_js_disclosure.nasl
Version: 1.15
Type: remote
Family: CGI abuses
Published: 7/28/2009
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
CPE: cpe:/a:modxcms:modxcms
Required KB Items: www/PHP, www/modx
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No known exploits are available
Exploited by Nessus: true
Patch Publication Date: 7/23/2009
Reference Information
BID: 35824