setup/templates/findcore.php in MODX Revolution 2.5.4-pl and previous versions allows remote malicious users to execute arbitrary PHP code via the core_path parameter.
modx modx revolution