Vulnerabilities > Modx > High

DATE | CVE | VULNERABILITY TITLE | RISK

2022-02-26 | CVE-2022-26149 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution | 7.2
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
network | low complexity | modx | CWE-434

2019-07-24 | CVE-2019-1010178 | Improper Access Control vulnerability in Modx Fred 1.0.0 | 7.5
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648.
network | low complexity | modx | CWE-284

2017-03-30 | CVE-2017-7324 | Code Injection vulnerability in Modx Revolution | 7.5
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
network | low complexity | modx | CWE-94

2017-03-30 | CVE-2017-7321 | Code Injection vulnerability in Modx Revolution | 7.5
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
network | low complexity | modx | CWE-94

2016-12-24 | CVE-2016-10039 | Path Traversal vulnerability in Modx Revolution | 7.5
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
network | low complexity | modx | CWE-22

2016-12-24 | CVE-2016-10038 | Path Traversal vulnerability in Modx Revolution | 7.5
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
network | low complexity | modx | CWE-22

2016-12-24 | CVE-2016-10037 | Path Traversal vulnerability in Modx Revolution | 7.5
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
network | low complexity | modx | CWE-22

2014-04-24 | CVE-2014-2736 | SQL Injection vulnerability in Modx Revolution | 7.5
Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.
network | low complexity | modx | CWE-89

2014-03-11 | CVE-2014-2311 | SQL Injection vulnerability in Modx Revolution | 7.5
SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | modx | CWE-89