Product: MODX Revolution
Severity: Extremely Critical
Versions: 2.1.0–2.2.7
Vulnerability type: Security Bypass
Report date: 2013-Jun-4
Fixed date: 2013-Jun-4
Description
Two vulnerabilities were discovered in MODX that allow users to bypass security. Attackers could exploit this to remotely execute arbitrary code on the targeted server.
Affected Releases
All MODX Revolution releases from and including 2.1.0–2.2.7 are affected. Revolution 2.0.8 and below are not affected.
Solutions
There are two possible solutions:
- Upgrade to MODX Revolution 2.2.8, or
- Install this plugin patch until upgrade to 2.2.8+ is completed.
Acknowledgement
We would like to thank valued community members Fi1osof and Agel_Nash for bringing this issue to our attention.
Additional Information
For additional information, please use the
MODX Contact Form
Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup
magician.
Blog ✦
Twitter ✦
LinkedIn ✦
GitHub
MODX Staff