Last week we announced an exploit found in AjaxSearch that could allow a Remote Code Execution in MODX Evolution.
We originally suggested the removal of the index-ajax.php file was a sufficient method to protect your site from this vulnerability. It has come to our attention that this was not correct. The correct methods to close this vulnerability are: remove all AjaxSearch files (if you don't use this snippet on your site), upgrade the AjaxSearch files to 1.10.1, or upgrade to Evolution 1.0.14.
Please share this message to ensure every Evo site owner knows.
[ed. note: smashingred last edited this post 7 years, 4 months ago.]