Description
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: creating a file with a custom filename and content. The component is: filtering of user parameters before passing them into the phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php.
Remediation
References