Recently MODX announced two critical vulnerabilities (CVE-2018-1000207) in MODX Revolution 2.6.4 and earlier versions. A remote attacker could use the vulnerabilities to execute arbitrary code and further to control the website or delete files.
Affected Versions
- MODX Revolution <= 2.6.4
Unaffected Versions
- Modx Revolution >= 2.6.5
Solution
Users are advised to upgrade to MODX Revolution 2.6.5 or above.
Reference: https://modx.com/download
About MODX
MODX (originally MODx) is a free, open source content management system and web application
framework for publishing content on the world wide web and intranets. MODX is licensed under the GPL, written in the PHP programming language, and supports MySQL and Microsoft
SQL Server as the database, was awarded Packt Publishing’s Most Promising Open Source
Content Management System in 2007.
