CVE-2017-7323
MODX Revolution 2.5.4-pl and earlier are vulnerable due to the update and package-installation features defaulting to http://rest.modx.com, enabling a man-in-the-middle attack to spoof servers and trigger arbitrary code execution due to the lack of HTTPS protection. The issue affects the update/p...