Security Advisory

CVE-2018-1000207

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-07-13 18:00:00

Last updated 2024-08-05 12:40:46

Assigner mitre

State PUBLISHED

Description

MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.

← Browse all CVEs View on cve.org ↗