CVE-2022-26149
HIGH
MODX Revolution <2.8.3-pl - Authenticated RCE
Title source: llmDescription
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Sarang Tumne · text · webapps · php
https://www.exploit-db.com/exploits/51059
Scores
CVSS v3
7.2
EPSS
0.1049
EPSS Percentile
93.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
modx/revolution
< 2.8.3
modx/revolution
0
Packagist
Published
Feb 26, 2022
Tracked Since
Feb 18, 2026