setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
modx modx revolution |