Vulnerability Details CVE-2022-26149
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.036
EPSS Ranking 87.4%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/171488/MODX-Revolution-2.8.3-pl-Remote-Code-Execution.html
- https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt
- http://packetstormsecurity.com/files/171488/MODX-Revolution-2.8.3-pl-Remote-Code-Execution.html
- https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt
Products affected by CVE-2022-26149
-
cpe:2.3:a:modx:revolution:2.0.0
-
cpe:2.3:a:modx:revolution:2.2.0
-
cpe:2.3:a:modx:revolution:2.3.0
-
cpe:2.3:a:modx:revolution:2.3.1
-
cpe:2.3:a:modx:revolution:2.4.0
-
cpe:2.3:a:modx:revolution:2.4.1
-
cpe:2.3:a:modx:revolution:2.5.0
-
cpe:2.3:a:modx:revolution:2.5.1
-
cpe:2.3:a:modx:revolution:2.5.2
-
cpe:2.3:a:modx:revolution:2.5.3
-
cpe:2.3:a:modx:revolution:2.5.4
-
cpe:2.3:a:modx:revolution:2.5.5
-
cpe:2.3:a:modx:revolution:2.5.6
-
cpe:2.3:a:modx:revolution:2.7.3
-
cpe:2.3:a:modx:revolution:2.8.0
-
cpe:2.3:a:modx:revolution:2.8.1
-
cpe:2.3:a:modx:revolution:2.8.2
-
cpe:2.3:a:modx:revolution:2.8.3