Product: MODX Evolution
Risk: Very High
Vulnerabilty Type: Remote Code Execution
Report Date: 2014-May-29
Fixed Date: 2014-June-5
The AjaxSearch component distributed with all versions of MODX Evolution (and 0.9.x) contains a vulnerability that allows remote code execution.
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.13 (with AjaxSearch installed) are affected.
There are two ways to resolve or mitigate the issue: