Description
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
Remediation
References