Arbitrary Code Execution Vulnerability in MODX Revolution through 2.8.3-pl

Arbitrary Code Execution Vulnerability in MODX Revolution through 2.8.3-pl

CVE-2022-26149 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

Learn more about our Web Application Penetration Testing UK.