Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CMS

MODX

MODX helps you take control of your online content. An Open Source PHP application framework it frees you to build sites exactly how you want and make them 100 yours. Zero restrictions and fast to build. Super-simple templates in regular HTML/CSS/JS (any lib you want). Registered user systems and a killer community. Welcome to web-building nirvana.

Official Site:

https://modx.com/

Severity Summary:

Critical: 3 High: 14 Medium: 19 Low: 1
Reference
Title
Severity
CVE-2017-7321
MODX Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2017-7324
MODX Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2020-25911
MODX Improper Restriction of XML External Entity Reference Vulnerability
Critical
CVE-2017-1000067
MODX Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2014-2311
MODX Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2014-2736
MODX Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2017-9067
MODX Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2016-10037
MODX Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2016-10038
MODX Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2016-10039
MODX Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2017-7322
MODX Improper Certificate Validation Vulnerability
High
CVE-2017-7323
MODX Vulnerability
High
CVE-2019-1010123
MODX Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2022-26149
MODX Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2017-9069
MODX Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2018-1000208
MODX Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2018-1000207
MODX Incorrect Permission Assignment for Critical Resource Vulnerability
High
CVE-2014-8775
MODX Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2018-20757
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-20756
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2010-5278
MODX Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2014-2080
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-20755
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2014-8773
MODX Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2014-8774
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-9068
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-8115
MODX Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2015-6588
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-10382
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-1000223
MODX Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium