CVE-2019-1010178
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd and https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887beba0065246.
Fred MODX Revolution <1.0.0-beta5 está afectado por: Control de acceso incorrecto - CWE-648. El impacto es: Ejecución remota de código. El componente es: asset / components / fred / web / elfinder / connector.php. El vector de ataque es: cargar un archivo PHP o cambiar datos en la base de datos. La versión arreglada es: https://github.com/modxcms/fred/commit/139cefac83b2ead90da23187d92739dec79d3ccd y https://github.com/modxcms/fred/commit/01f0a3d1ae7f3970639c2a0db1887
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-20 CVE Reserved
- 2019-07-24 CVE Published
- 2023-09-02 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
- CWE-648: Incorrect Use of Privileged APIs
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.youtube.com/watch?v=vOlw2DP9WbE | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Modx Search vendor "Modx" | Fred Search vendor "Modx" for product "Fred" | 1.0.0 Search vendor "Modx" for product "Fred" and version "1.0.0" | modx |
Affected
| ||||||
| Modx Search vendor "Modx" | Fred Search vendor "Modx" for product "Fred" | 1.0.0 Search vendor "Modx" for product "Fred" and version "1.0.0" | beta2, modx |
Affected
| ||||||
| Modx Search vendor "Modx" | Fred Search vendor "Modx" for product "Fred" | 1.0.0 Search vendor "Modx" for product "Fred" and version "1.0.0" | beta4, modx |
Affected
| ||||||
| Modx Search vendor "Modx" | Fred Search vendor "Modx" for product "Fred" | 1.0.0 Search vendor "Modx" for product "Fred" and version "1.0.0" | pl, modx |
Affected
| ||||||
| Modx Search vendor "Modx" | Fred Search vendor "Modx" for product "Fred" | 1.0.0 Search vendor "Modx" for product "Fred" and version "1.0.0" | rc, modx |
Affected
| ||||||
| Modx Search vendor "Modx" | Fred Search vendor "Modx" for product "Fred" | 1.0.0 Search vendor "Modx" for product "Fred" and version "1.0.0" | rc1, modx |
Affected
| ||||||
| Modx Search vendor "Modx" | Fred Search vendor "Modx" for product "Fred" | 1.0.0 Search vendor "Modx" for product "Fred" and version "1.0.0" | rc2, modx |
Affected
| ||||||