CVE-2007-0659 Information

Description

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files as demonstrated by downloading config.inc.php to obtain database credentials.

Reference

http://modxcms.com/forums/index.php/topic10470.0.html http://secunia.com/advisories/23953 http://www.muddydogpaws.com/Home.html http://www.securityfocus.com/bid/22327 http://www.vupen.com/english/advisories/2007/0426