Modx Revolution Security Vulnerabilities and Issues — Modx Revolution CVE List

Lucene search

ModxModx Revolution

3 matches found

CVE•added 2021/10/31 7:15 p.m.•65 views

CVE-2020-25911

A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).

9.1CVSS8.8AI score0.00961EPSS

CVE•added 2017/03/30 7:59 a.m.•41 views

CVE-2017-7321

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.

9.8CVSS9.8AI score0.02182EPSS

CVE•added 2017/03/30 7:59 a.m.•39 views

CVE-2017-7324

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.

9.8CVSS9.8AI score0.02182EPSS