Description
On July 11 we received notice that there are two critical vulnerabilities that include remote script execution and file/directory removal. These issues are critical in nature. It is possible for attackers to compromise the website or deface or delete files or directories.
Affected Releases
All MODX Revolution releases prior to and including 2.6.4
Support
If you do not know how to upgrade your site there are several support options available. You can contact the developer or builder of your site, ask for help in the MODX Forums, find a MODX Professional or get help from the MODX Services team.
Acknowledgement
We would like to thank Ivan Klimchuk (Alroniks) and agel_nash for bringing these issues to our attention and verifying their resolution.
Additional Information
For additional information, please email MODX Support.]]>smashingredJul 12, 2018, 02:34 PMhttps://forums.modx.com/thread/104039/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559514