Description

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

Remediation

References

CVE-2022-26149

Related Vulnerabilities

WordPress Plugin ReviewX-Multi-criteria Rating & Reviews for WooCommerce SQL Injection (1.6.8)

WordPress Plugin Wordpress Forms Multiple Vulnerabilities (0.2.7.1)

MySQL CVE-2013-5894 Vulnerability (CVE-2013-5894)

WordPress Plugin Soundy Background Music Cross-Site Scripting (3.9)

WordPress Plugin Ad-minister Cross-Site Scripting (0.6)

Severity

High

Classification

CVE-2022-26149 CWE-434 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities