Description
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Content Copy Protection & Prevent Image Save Cross-Site Request Forgery (1.3)
Grafana Improper Synchronization Vulnerability (CVE-2023-2801)
Ruby on Rails Missing Encryption of Sensitive Data Vulnerability (CVE-2010-3299)
WordPress Plugin My Calendar Cross-Site Scripting (3.1.9)
WordPress Plugin bbPress Social Network Multiple Cross-Site Scripting Vulnerabilities (9.2)