The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and previous versions use rest.modx.com by default, which allows man-in-the-middle malicious users to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
modx modx revolution |