Design/Logic Flaw

2019-07-2414:15:00

PRIOn knowledge base

www.prio-n.com

9.6 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.7%

Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246.

CPENameOperatorVersion
fredeq1.0.0 rc1
fredeq1.0.0 pl
fredeq1.0.0 beta2
fredeq1.0.0 beta4
fredeq1.0.0 rc
fredeq1.0.0 rc2
fredeq1.0.0

Name	Operator	Version
fred	eq	1.0.0 rc1
fred	eq	1.0.0 pl
fred	eq	1.0.0 beta2
fred	eq	1.0.0 beta4
fred	eq	1.0.0 rc
fred	eq	1.0.0 rc2
fred	eq	1.0.0

References

www.youtube.com/watch?v=vOlw2DP9WbE