logo

Database

Insecure file upload In modx/revolution

Description

Unrestricted Upload of File with Dangerous Type in MODX Revolution MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2022-261492. NVD-2022-261493. OSV-2022-261494. GCVE-2022-26149

References

1. https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt2. http://packetstormsecurity.com/files/171488/MODX-Revolution-2.8.3-pl-Remote-Code-Execution.html3. https://www.exploit-db.com/exploits/51059

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.