6 matches found
CVE-2022-26149
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...
MODX Revolution 2.8.3-pl Remote Code Execution
Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 26th Feb'2022 CVE ID: CVE-2022-26149 Confirmed on release 2.8.3-pl Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt Vendor...
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 26th Feb'2022 CVE ID: CVE-2022-26149 Confirmed on release 2.8.3-pl Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt Vendor...
CVE-2022-26149
creationtimestamp| type| source ---|---|--- 2022-02-27 00:21:46+00:00| seen| https://t.me/cibsecurity/38164 2023-03-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/51059...
CVE-2022-26149
MODX Revolution up to version 2.8.3-pl is affected by an authenticated RCE: an admin can upload an executable file by abusing the Uploadable File Types setting, then execute code via the Media Browser. Exploitation details and proof-of-concept scripts are present in public advisories (e.g., Explo...
CVE-2022-26149
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...