HIGH🇬🇧 English

CVE-2018-1000207

CVSS 7.2v3.0pub. 2018-07-13upd. 2024-11-21

MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Modx Revolution

    APP
    Modx
    ≤ 2.6.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-25911CRITICAL9.1ten sam produkt

A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2....

CVE-2017-7324CRITICAL9.8ten sam produkt

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitr...

CVE-2017-7321CRITICAL9.8ten sam produkt

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbit...

CVE-2019-1010123HIGH7.5ten sam produkt

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The im...

CVE-2018-1000208HIGH7.5ten sam produkt

MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerreq...