opengeek Reply #1, 5 years, 1 month ago
VERY IMPORTANT!
If you have added the FileDownload snippet to a MODx site, please remove this snippet from your sites immediately. There is a known vulnerability in this component that can expose critical database credentials by allowing exploiters to download your config.inc.php file or any number of other critical files directly from your server. A new version of the component will be available shortly that resolves this issue, but in the meantime, it is absolutely critical that you disable this snippet.
Also, if you have a site with this snippet currently enabled, it is highly recommended that you change your database username/password after disabling the snippet as soon as possible. It is possible that some sites have already been silently exploited and critical security information collected.
Please note: FileDownload is not part of the core MODx distribution, so this only affects users who have downloaded and installed the FileDownload snippet.
More information as soon as it becomes available.
If you have added the FileDownload snippet to a MODx site, please remove this snippet from your sites immediately. There is a known vulnerability in this component that can expose critical database credentials by allowing exploiters to download your config.inc.php file or any number of other critical files directly from your server. A new version of the component will be available shortly that resolves this issue, but in the meantime, it is absolutely critical that you disable this snippet.
Also, if you have a site with this snippet currently enabled, it is highly recommended that you change your database username/password after disabling the snippet as soon as possible. It is possible that some sites have already been silently exploited and critical security information collected.
Please note: FileDownload is not part of the core MODx distribution, so this only affects users who have downloaded and installed the FileDownload snippet.
More information as soon as it becomes available.
