  • Product: MODX Revolution
    Severity: Extremely Critical
    Versions: 2.1.0–2.2.7
    Vulnerability type: Security Bypass
    Report date: 2013-Jun-4
    Fixed date: 2013-Jun-4

    Description
    Two vulnerabilities were discovered in MODX that allow users to bypass security. Attackers could exploit these to remotely execute arbitrary code on the targeted server.

    Affected Releases
    All MODX Revolution releases from 2.1.0 through 2.2.7, inclusive, are affected. Revolution 2.0.8 and below are not affected.

    Solutions
    There are two possible solutions:

    1. Upgrade to MODX Revolution 2.2.8, or
    2. Install this plugin patch until the upgrade to 2.2.8+ is completed.

    Acknowledgement
    We would like to thank valued community members Fi1osof and Agel_Nash for bringing this issue to our attention.

    Additional Information
    For additional information, please use the MODX Contact Form.