Two vulnerabilities were discovered in MODX that allow users to bypass security. Attackers could exploit this to remotely execute arbitrary code on the targeted server.
All MODX Revolution releases from and including 2.1.0–2.2.7 are affected. Revolution 2.0.8 and below are not affected.
There are two possible solutions:
- Upgrade to MODX Revolution 2.2.8, or
- Install this plugin patch until upgrade to 2.2.8+ is completed.
We would like to thank valued community members Fi1osof and Agel_Nash for bringing this issue to our attention.
For additional information, please use the MODX Contact Form
Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup magician