Description
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
Remediation
References
Related Vulnerabilities
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.24)
WordPress Plugin File Away Multiple Unspecified Vulnerabilities (3.8.4)
WordPress Plugin Google Analytics Counter Tracker PHP Object Injection (3.4.0)