Description
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Registration Forms Unspecified Vulnerability (1.8.4)
phpMyAdmin Resource Management Errors Vulnerability (CVE-2016-6632)
Plone CMS Improper Access Control Vulnerability (CVE-2015-7315)
WordPress Plugin WP Fastest Cache Unspecified Vulnerability (0.8.8.5)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.22)