Vulnerability in N/a
CVE-2018-1000207
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear…
EPSS: 0.649 (99.1th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4 (x_refsource_MISC)
- github.com/modxcms/revolution/pull/13979 (x_refsource_CONFIRM)
- github.com/a2u/CVE-2018-1000207 (x_refsource_MISC)
- github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ef6e68 (x_refsource_CONFIRM)