MODX Revolution Remote Code Execution Vulnerability

July 20, 2018 | Adeline Zhang

Recently, MODX announced two critical vulnerabilities (CVE-2018-1000207) in MODX Revolution 2.6.4 and earlier versions. A remote attacker could exploit these vulnerabilities to execute arbitrary code and, from there, take control of the website or delete files.

Reference: https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515

Affected Versions

  • MODX Revolution <= 2.6.4

Unaffected Versions

  • MODX Revolution >= 2.6.5

Solution

Users are advised to upgrade to MODX Revolution 2.6.5 or above.
Reference: https://modx.com/download

About MODX

MODX (originally MODx) is a free, open source content management system and web application framework for publishing content on the World Wide Web and intranets. MODX is licensed under the GPL, is written in the PHP programming language, and supports MySQL and Microsoft SQL Server as the database. It was awarded Packt Publishing’s Most Promising Open Source Content Management System in 2007.