On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • Last week we announced an exploit found in AjaxSearch that could allow a Remote Code Execution in MODX Evolution.

    We originally suggested the removal of the index-ajax.php file was a sufficient method to protect your site from vulnerability. It has come to our attention that this was not correct. The correct methods to close this vulnerability are: remove all AjaxSearch files (if you don't use this snippet on your site), upgrade the AjaxSearch files to 1.10.1, or upgrade to Evolution 1.0.14.

    Please share this message to ensure every Evo site owner knows. [ed. note: smashingred last edited this post 7 years, 4 months ago.]
      Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup magician. BlogTwitterLinkedInGitHub

    This discussion is closed to further replies. Keep calm and carry on.