Vulnerability CVE-2022-26149


Published: 2022-02-26   Modified: 2022-02-27

Description:
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Remote Code Execution in MODX Revolution V2.8.3-pl
Sarang Tumne
15.11.2022

 References:
https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt

Copyright 2022, cxsecurity.com

 

Back to Top