Vulnerabilities > Modx > Modx Revolution > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-30 | CVE-2017-7324 | Code Injection vulnerability in Modx Revolution setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | 7.5 |
| 2017-03-30 | CVE-2017-7321 | Code Injection vulnerability in Modx Revolution setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | 7.5 |
| 2016-12-24 | CVE-2016-10039 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | 7.5 |
| 2016-12-24 | CVE-2016-10038 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. | 7.5 |
| 2016-12-24 | CVE-2016-10037 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | 7.5 |
| 2014-04-24 | CVE-2014-2736 | SQL Injection vulnerability in Modx Revolution Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php. | 7.5 |
| 2014-03-11 | CVE-2014-2311 | SQL Injection vulnerability in Modx Revolution SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |