Recently MODX announced two critical vulnerabilities (CVE-2018-1000207) in MODX Revolution 2.6.4 and earlier versions. A remote attacker could use the vulnerabilities to execute arbitrary code and further to control the website or delete files.
- MODX Revolution <= 2.6.4
- Modx Revolution >= 2.6.5
Users are advised to upgrade to MODX Revolution 2.6.5 or above.
MODX (originally MODx) is a free, open source content management system and web application
framework for publishing content on the world wide web and intranets. MODX is licensed under the GPL, written in the PHP programming language, and supports MySQL and Microsoft
SQL Server as the database, was awarded Packt Publishing’s Most Promising Open Source
Content Management System in 2007.