download.php in the MuddyDogPaws FileDownload snippet prior to 2.5 for MODx allows remote malicious users to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
modxcms filedownload 2.0 |
||
modxcms filedownload 1.7 |