GHSA-m899-6mh4-mpc5

Published: May 13, 2022
Source: GitHub
GitHub: Reviewed
CVSS3: 7.2

Description

MODX Revolution Incorrect Access Control vulnerability

MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in the filtering of user parameters before they are passed into the phpthumb class, which can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.

Packages

Name: modx/revolution (composer)
Affected versions: <= 2.6.4
Fixed version: 2.7.0

EPSS

Percentile: 88%
0.04016
Low

CVSS3: 7.2 High

Weaknesses

CWE-732

Related vulnerabilities

CVSS3: 7.2
Source: nvd
More than 7 years ago

MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in the filtering of user parameters before they are passed into the phpthumb class, which can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.
