Alroniks

#18394 of 53,633
14.7 CVSS total
Vulnerabilities · 2
High
2
PT-2018-9375
7.2
2018-07-13
Modx · Modx Revolution · CVE-2018-1000207
**Name of the Vulnerable Software and Affected Versions**
MODX Revolution versions prior to 2.6.5

**Description**
The issue is related to incorrect access control in filtering user parameters before passing them into the phpthumb class, which can result in creating a file with a custom filename and content. This can be exploited via a web request.

**Recommendations**
For MODX Revolution versions prior to 2.6.5, update to version 2.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the phpthumb class until a patch is available.

PT-2018-9376
7.5
2018-07-13
Modx · Modx Revolution · CVE-2018-1000208
**Name of the Vulnerable Software and Affected Versions**
MODX Revolution versions prior to 2.6.5

**Description**
The issue is related to a Directory Traversal vulnerability in the /core/model/modx/modmanagerrequest.class.php file. This can be exploited via a web request to the security/login processor, potentially allowing the removal of files. The vulnerability was fixed in pull 13980.

**Recommendations**
For MODX Revolution versions prior to 2.6.5, update to version 2.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the security/login processor to minimize the risk of exploitation.