CVE-2019-1010123

EPSS 1.2%CWE-434

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

23 Jul 2019Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php.

Affected products

MODX Revolution · Gallery

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://modx.pro/security/15912#comment-99640 https://modx.today/posts/2018/07/critical-security-vulnerability-in-gallery-1.7.1