MODX Revolution Remote Code Execution Vulnerability


Recently MODX announced two critical vulnerabilities (CVE-2018-1000207) in MODX Revolution 2.6.4 and earlier versions. A remote attacker could use the vulnerabilities to execute arbitrary code and then take control of the website or delete files.

Reference: https://forums.modx.com/thread/104040/revolution-2-6-4-and-prior-two-cricital-vulnerabilities-upgrade-mandatory-patch#dis-post-559515

Affected Versions

  • MODX Revolution <= 2.6.4

Unaffected Versions

  • MODX Revolution >= 2.6.5

Solution

Users are advised to upgrade to MODX Revolution 2.6.5 or above.
Reference: https://modx.com/download

About MODX

MODX (originally MODx) is a free, open source content management system and web application framework for publishing content on the World Wide Web and intranets. MODX is licensed under the GPL, is written in the PHP programming language, and supports MySQL and Microsoft SQL Server as the database. It was awarded Packt Publishing’s Most Promising Open Source Content Management System in 2007.

NSFOCUS