CVE-2022-26149: Unrestricted Upload of File with Dangerous Type

February 26, 2022 (updated March 27, 2023)

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.

References

github.com/sartlabs/0days/blob/main/Modx/Exploit.txt
nvd.nist.gov/vuln/detail/CVE-2022-26149

Code Behaviors & Features

Detect and mitigate CVE-2022-26149 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →