3 matches found
CVE-2022-26149
MODX Revolution up to version 2.8.3-pl is affected by an authenticated RCE: an admin can upload an executable file by abusing the Uploadable File Types setting, then execute code via the Media Browser. Exploitation details and proof-of-concept scripts are present in public advisories (e.g., Explo...
CVE-2017-1000067
MODX Revolution versions 2.x through 2.5.6 are affected by a blind SQL injection due to improper sanitization in the escape method. This vulnerability can allow an authenticated user to access the database and potentially escalate privileges. No explicit remediation/version patch is provided in t...
CVE-2010-4883
The CVE-2010-4883 issue affects MODx Revolution 2.0.2-pl (MODx