CVE-2018-1000207
Summary
| CVE | CVE-2018-1000207 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-13 18:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appears to have been fixed in commit 06bc94257408f6a575de20ddb955aca505ef6e68. |
Risk And Classification
Problem Types: CWE-732
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Modx | Modx Revolution | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Filtering user parameters before passing them into phpthumb class #13979 · modxcms/revolution@06bc942 · GitHub | CONFIRM | github.com | Patch, Third Party Advisory |
| Page not found · GitHub · GitHub | MISC | github.com | Broken Link, Third Party Advisory |
| Fix/phpthumb filter user parameters by Alroniks · Pull Request #13979 · modxcms/revolution · GitHub | CONFIRM | github.com | Exploit, Third Party Advisory |
| Critical vulnerability. Modx Revolution < 2.6.4 [CVE-2018-1000207] - Vitalii Rudnykh | MISC | rudnkh.me | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.