Unrated severityNVD Advisory· Published Feb 1, 2007· Updated Apr 23, 2026

CVE-2007-0659

Description

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

Affected products

Modxcms/Filedownload2 versions
cpe:2.3:a:modxcms:filedownload:1.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:modxcms:filedownload:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:modxcms:filedownload:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/23953nvdPatchVendor Advisory
www.securityfocus.com/bid/22327nvdPatch
modxcms.com/forums/index.php/topic%2C10470.0.htmlnvd
www.muddydogpaws.com/Home.htmlnvd
www.vupen.com/english/advisories/2007/0426nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000