Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
modx revolution vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-1010178
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixe...
Modx Fred 1.0.0
7.5
CVSSv2
CVE-2017-7321
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
Modx Modx Revolution
7.5
CVSSv2
CVE-2017-7324
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the core_path parameter.
Modx Modx Revolution
7.5
CVSSv2
CVE-2016-10038
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
Modx Modx Revolution
7.5
CVSSv2
CVE-2016-10037
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
Modx Modx Revolution
7.5
CVSSv2
CVE-2016-10039
Directory traversal in /connectors/index.php in MODX Revolution prior to 2.5.2-pl allows remote malicious users to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
Modx Modx Revolution
7.5
CVSSv2
CVE-2014-2736
Multiple SQL injection vulnerabilities in MODX Revolution prior to 2.2.14 allow remote malicious users to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to c...
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.4
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.0.3
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.2.3
Modx Modx Revolution 2.2.11
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.0.6
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.0.1
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.2.4
Modx Modx Revolution
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.12
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.0.5
7.5
CVSSv2
CVE-2014-2311
SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 prior to 2.2.13 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Modx Modx Revolution 2.2.9
Modx Modx Revolution 2.0.4
Modx Modx Revolution 2.0.7
Modx Modx Revolution 2.2.8
Modx Modx Revolution 2.0.3
Modx Modx Revolution 2.1.5
Modx Modx Revolution 2.1.3
Modx Modx Revolution 2.2.6
Modx Modx Revolution 2.2.3
Modx Modx Revolution 2.2.11
Modx Modx Revolution 2.1.4
Modx Modx Revolution 2.0.6
Modx Modx Revolution 2.1.1
Modx Modx Revolution 2.0.8
Modx Modx Revolution 2.0.1
Modx Modx Revolution 2.1.0
Modx Modx Revolution 2.2.4
Modx Modx Revolution 2.2.1
Modx Modx Revolution 2.2.12
Modx Modx Revolution 2.1.2
Modx Modx Revolution 2.0.5
Modx Modx Revolution 2.2.7
6.8
CVSSv2
CVE-2017-7322
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions do not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code via a crafted cert...
Modx Modx Revolution
6.8
CVSSv2
CVE-2017-7323
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions use http://rest.modx.com by default, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HT...
Modx Modx Revolution
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »