3 matches found
CVE-2017-7321
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the configkey parameter to the setup/index.php?action=welcome URI...
CVE-2017-7321
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the configkey parameter to the setup/index.php?action=welcome URI...
CVE-2017-7321
CVE-2017-7321 affects MODX Revolution 2.5.4-pl and earlier. The issue is a remote PHP code execution vulnerability in setup/controllers/welcome.php triggered by passing the config_key parameter to the URL setup/index.php?action=welcome. Public records describe it as an arbitrary code execution pa...