Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
modx modx revolution vulnerabilities and exploits
(subscribe to this query)
7
CVSSv3
CVE-2017-9067
In MODX Revolution prior to 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
Modx Modx Revolution 2.5.6
Php Php 5.3.3
5.3
CVSSv3
CVE-2017-8115
Directory traversal in setup/processors/url_search.php (aka the search page of an unused processor) in MODX Revolution 2.5.7 might allow remote malicious users to obtain system directory information.
Modx Modx Revolution 2.5.7
6.1
CVSSv3
CVE-2017-7320
setup/controllers/language.php in MODX Revolution 2.5.4-pl and previous versions does not properly constrain the language parameter, which allows remote malicious users to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Resp...
Modx Modx Revolution
9.8
CVSSv3
CVE-2017-7321
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
Modx Modx Revolution
8.1
CVSSv3
CVE-2017-7322
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions do not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code via a crafted cert...
Modx Modx Revolution
8.1
CVSSv3
CVE-2017-7323
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions use http://rest.modx.com by default, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HT...
Modx Modx Revolution
9.8
CVSSv3
CVE-2017-7324
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the core_path parameter.
Modx Modx Revolution
7.3
CVSSv3
CVE-2016-10038
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
Modx Modx Revolution
7.3
CVSSv3
CVE-2016-10039
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
Modx Modx Revolution
7.3
CVSSv3
CVE-2016-10037
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
Modx Modx Revolution
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »