E18-8vf31
CVSS: 7.2 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
False Positive: f
Variants: 3
Year: 2018
Description
This strike exploits a remote code execution vulnerability found in Modx Revolution CMS.
The vulnerability is due to improper input validation while processing parameters before passing them to the 'phpthumb' class.
An attacker could exploit this vulnerability by crafting a special HTTP POST request that can create a file with a custom filename and content.
This can result in execution of arbitrary commands under the privileges of the web server daemon user.