Description
MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or (2) supplying a long string in the CSRF token parameter.
Remediation
References