
Agel_Nash

#37173 of 53,630
7.5 Total CVSS
Vulnerabilities · 1
PT-2019-11472
7.5
2019-07-23
Phpthumb · Phpthumb · CVE-2019-1010123
Name of the Vulnerable Software and Affected Versions: MODX Revolution Gallery version 1.7.0

Description: The issue allows creating a file with a custom filename and content. The affected component is the filtering of user parameters before they are passed into the `phpthumb` class. The attack vector is a web request via the `/assets/components/gallery/connector.php` API endpoint.

Recommendations: For MODX Revolution Gallery version 1.7.0, consider restricting access to the `/assets/components/gallery/connector.php` API endpoint until a patch is available. As a temporary workaround, filtering user parameters more strictly before passing them into the `phpthumb` class may help minimize the risk of exploitation.