CVE-2019-1010123

Published: Jul 23, 2019Modified: Jun 17, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating file with custom a filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web request via /assets/components/gallery/connector.php.

Affected (1)

Products: Modx: Modx Revolution

1 product

Modx Revolution

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Modx Modx Revolution	Up to 2.6.4

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://modx.pro/security/15912#comment-99640

Source: josh@bress.net

ExploitVendor Advisory

https://modx.today/posts/2018/07/critical-security-vulnerability-in-gallery-1.7.1

Source: josh@bress.net

Vendor Advisory

https://modx.pro/security/15912#comment-99640

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://modx.today/posts/2018/07/critical-security-vulnerability-in-gallery-1.7.1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.