Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
modx revolution 2.5.4 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-7321
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
Modx Modx Revolution
9.8
CVSSv3
CVE-2017-7324
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the core_path parameter.
Modx Modx Revolution
8.8
CVSSv3
CVE-2017-1000067
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
Modx Revolution 2.2.7
Modx Revolution 2.2.0
Modx Revolution 2.1.5
Modx Revolution 2.5.3
Modx Revolution 2.1.4
Modx Revolution 2.2.3
Modx Revolution 2.3.1
Modx Revolution 2.1.1
Modx Revolution 2.5.4
Modx Revolution 2.4.1
Modx Revolution 2.2.2
Modx Revolution 2.2.5
Modx Revolution 2.2.8
Modx Revolution 2.0.0
Modx Revolution 2.0.1
Modx Revolution 2.5.2
Modx Revolution 2.2.1
Modx Revolution 2.3.0
Modx Revolution 2.5.1
Modx Revolution 2.1.2
Modx Revolution 2.1.0
Modx Revolution 2.4.0
8.1
CVSSv3
CVE-2017-7323
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions use http://rest.modx.com by default, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HT...
Modx Modx Revolution
8.1
CVSSv3
CVE-2017-7322
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions do not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code via a crafted cert...
Modx Modx Revolution
6.1
CVSSv3
CVE-2017-7320
setup/controllers/language.php in MODX Revolution 2.5.4-pl and previous versions does not properly constrain the language parameter, which allows remote malicious users to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Resp...
Modx Modx Revolution
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started