Description

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

Remediation

References

CVE-2022-26149

Related Vulnerabilities

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.24)

WordPress Plugin File Away Multiple Unspecified Vulnerabilities (3.8.4)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45474)

WordPress Plugin Google Analytics Counter Tracker PHP Object Injection (3.4.0)

Severity

High

Classification

CVE-2022-26149 CWE-434 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities