CVE-2022-26149

HIGH

MODX Revolution <2.8.3-pl - Authenticated RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-26149. PoCs published by Sarang Tumne.

AI-analyzed exploit summary This exploit demonstrates an authenticated remote code execution (RCE) vulnerability in MODX Revolution v2.8.3-pl by abusing the file upload functionality to upload a malicious PHP shell. The attacker must first authenticate as an admin and modify system settings to allow PHP file uploads.

Description

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sarang Tumne · textwebappsphp
https://www.exploit-db.com/exploits/51059

This exploit demonstrates an authenticated remote code execution (RCE) vulnerability in MODX Revolution v2.8.3-pl by abusing the file upload functionality to upload a malicious PHP shell. The attacker must first authenticate as an admin and modify system settings to allow PHP file uploads.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MODX Revolution v2.8.3-pl
Auth required
Prerequisites: Admin credentials · Access to system settings · Ability to upload files
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.2
EPSS 0.1049
EPSS Percentile 93.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (2)
modx/revolution < 2.8.3
modx/revolution 0Packagist
Published Feb 26, 2022
Tracked Since Feb 18, 2026