Vulnerabilities > Modx > Modx Revolution > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-1010123 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. | 7.5 |
| 2018-07-13 | CVE-2018-1000208 | Path Traversal vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. | 7.5 |
| 2018-07-13 | CVE-2018-1000207 | Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. | 7.2 |
| 2017-05-18 | CVE-2017-9069 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | 8.8 |
| 2017-05-18 | CVE-2017-9067 | Path Traversal vulnerability in multiple products In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | 7.0 |
| 2017-03-30 | CVE-2017-7323 | Unspecified vulnerability in Modx Revolution The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism. | 8.1 |
| 2017-03-30 | CVE-2017-7322 | Improper Certificate Validation vulnerability in Modx Revolution The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | 8.1 |
| 2016-12-24 | CVE-2016-10039 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles. | 7.3 |
| 2016-12-24 | CVE-2016-10038 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove. | 7.3 |
| 2016-12-24 | CVE-2016-10037 | Path Traversal vulnerability in Modx Revolution Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist. | 7.3 |