Vulnerability CVE-2018-1000207


Published: 2018-07-13

Description:
MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in the filtering of user parameters before they are passed into the phpthumb class, which can result in the creation of a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.

See advisories in our WLB2 database:
Risk: High
Topic: Modx Revolution Remote Code Execution
Author: Vitalii Rudnykh
Date: 19.07.2018

Type: CWE-732

Vendor: MODX
Product: Modx revolution
Version: 2.6.4

CVSS2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
https://github.com/a2u/CVE-2018-1000207
https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68
https://github.com/modxcms/revolution/pull/13979
https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4

Related CVE
CVE-2019-14518
** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel."
CVE-2019-1010178
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change dat...
CVE-2019-1010123
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating a file with a custom filename and content. The component is: Filtering user parameters before passing them into phpthumb cla...
CVE-2018-20758
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
CVE-2018-20757
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
CVE-2018-20756
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
CVE-2018-20755
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
CVE-2018-17556
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action.

Copyright 2019, cxsecurity.com