Description
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
Remediation
References
Related Vulnerabilities
MySQL CVE-2014-6500 Vulnerability (CVE-2014-6500)
Drupal CVE-2017-6930 Vulnerability (CVE-2017-6930)
MediaWiki CVE-2017-0371 Vulnerability (CVE-2017-0371)
Drupal Core 9.2.x Multiple Security Bypass Vulnerabilities (9.2.0 - 9.2.5)
WordPress Plugin Ultimate GDPR & CCPA Compliance Toolkit for WordPress Security Bypass (2.4)