Modx Revolution Remote Code Execution

Modx Revolution < 2.6.4 suffers from a Remote Code Execution.

This has been patched by the authors in v 2.6.5, if you are running anything less than 2.6.5 you should upgrade your ModX immediately.

Utilizing a vulnerability in the way Modx handles thumbnail creation in the file
/connectors/system/phpthumb.php

Can allow an attacker to pass exploit data to
/assets/components/gallery/connector.php

Which then allows the attacker to execute remote code execution.

Remote code execution means the attack can invoke system calls and take full control over the system.

This is a very dangerous vulnerability and should be patched immediately.

Visit the official Modx site to update your ModX installation.

follow and like us:
Author :