Vulnerability Description
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Modx | Modx Revolution | <= 2.6.4 |
Related Weaknesses (CWE)
References
- https://github.com/a2u/CVE-2018-1000207Broken LinkThird Party Advisory
- https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ePatchThird Party Advisory
- https://github.com/modxcms/revolution/pull/13979ExploitThird Party Advisory
- https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4ExploitThird Party Advisory
- https://github.com/a2u/CVE-2018-1000207Broken LinkThird Party Advisory
- https://github.com/modxcms/revolution/commit/06bc94257408f6a575de20ddb955aca505ePatchThird Party Advisory
- https://github.com/modxcms/revolution/pull/13979ExploitThird Party Advisory
- https://rudnkh.me/posts/critical-vulnerability-in-modx-revolution-2-6-4ExploitThird Party Advisory
FAQ
What is CVE-2018-1000207?
CVE-2018-1000207 is a vulnerability with a CVSS score of 7.2 (HIGH). MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a fi...
How severe is CVE-2018-1000207?
CVE-2018-1000207 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000207?
Check the references section above for vendor advisories and patch information. Affected products include: Modx Modx Revolution.