CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism.

Product Status

Learn more

Information not provided

References 2 Total

securityfocus.com: 97228
external site
vdb-entry
https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf
external site

Updated: 2024-08-05

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

securityfocus.com: 97228
external site
vdb-entryx_transferred
https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 2 Total

CVE Program

References 2 Total