Product: MODX Revolution
Severity: Extremely Critical
Vulnerability type: Security Bypass
Report date: 2013-Jun-4
Fixed date: 2013-Jun-4
Two vulnerabilities were discovered in MODX that allow users to bypass security. Attackers could exploit this to remotely execute arbitrary code on the targeted server.
All MODX Revolution releases from and including 2.1.0–2.2.7 are affected. Revolution 2.0.8 and below are not affected.
There are two possible solutions:
- Upgrade to MODX Revolution 2.2.8, or
- Install this plugin patch until upgrade to 2.2.8+ is completed.
We would like to thank valued community members Fi1osof and Agel_Nash for bringing this issue to our attention.
For additional information, please use the MODX Contact Form