CVE-2018-1000207: Modx Revolution Remote Code Execution Vulnerability Alert

Modx recently announced two high-risk vulnerabilities in Modx Revolution 2.6.4 and earlier versions. By exploiting them, an attacker can remotely execute arbitrary code, thereby gaining control of the website or deleting arbitrary files.

MODX (originally MODx) is a free, open source content management system and web application framework for publishing content on the World Wide Web and intranets. MODX is licensed under the GPL, is written in PHP, and supports MySQL and Microsoft SQL Server as databases. In 2007 it received Packt Publishing's award for most promising open source content management system.

Affected versions

  • Modx Revolution <= 2.6.4

Unaffected versions

  • Modx Revolution >= 2.6.5

Solution

Modx has officially released a new version that fixes the high-risk vulnerability; affected users should upgrade as soon as possible to protect their sites.