3 results (0.002 seconds)

CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 2

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator. MODX Revolution versiones hasta 2.8.3-pl, permite a administradores remotos autenticados ejecutar código arbitrario al subir un archivo ejecutable, ya que la configuración de Tipos de Archivos para Subir puede ser cambiada por un administrador. MODX Revolution version 2.8.3-pl suffers from an authenticated remote code execution vulnerability. • https://www.exploit-db.com/exploits/51059 http://packetstormsecurity.com/files/171488/MODX-Revolution-2.8.3-pl-Remote-Code-Execution.html https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 37EXPL: 0

MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. MODX Revolution versión 2.x hasta 2.5.6, es vulnerable a inyección SQL ciega causada por un saneamiento inapropiado mediante el método de escape, resultando en que un usuario autenticado acceda a la base de datos y posiblemente escale privilegios. • https://github.com/modxcms/revolution/blob/9bf1c6cf7bdc12190b404f93ce7798b39c07bc59/core/xpdo/changelog.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 2.6EPSS: 3%CPEs: 1EXPL: 4

Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en manager/index.php en MODx Revolution v2.0.2-pl, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro modhash. • https://www.exploit-db.com/exploits/34787 http://modxcms.com/forums/index.php/topic%2C55104.0.html http://modxcms.com/forums/index.php/topic%2C55105.0.html http://packetstormsecurity.org/1009-exploits/modx202pl-xss.txt http://secunia.com/advisories/41638 http://securityreason.com/securityalert/8435 http://www.osvdb.org/68264 http://www.securityfocus.com/bid/43577 https://exchange.xforce.ibmcloud.com/vulnerabilities/62070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •