30 November 2016
Vulnerability in latest version of MODX Evolution is being exploited in the wild
We are getting reports of active exploitation for recently patched PHP code injection vulnerability in MODX Evolution SB2016111601. The vulnerability is particularly dangerous as it allows permanently inject PHP code into database of vulnerable web application.
The exploit code spotted in the wild stores PHP backdoor into user configuration in database and executes it every time the vulnerable parseUserConfig() function is called.
As of November 30, 2016, this vulnerability is being exploited in the wild against websites powered by MODX Evolution.
We strongly recommend to install the latest security patch to avoid possible website compromise:
http://extras.evolution-cms.com/packages/core/security-fix.html
Latest Posts
Ukrainian military personnel targeted via messaging apps and dating sites
The threat actor employs a range of software in their malicious activities, including both commercial programs and open-source tools.18 April 2024
Russian military hackers targeted US water utilities and hydroelectric facilities in Europe
This marks the first time Russian nation-state hackers have posed a direct threat to critical infrastructure in Western countries.18 April 2024
International police operation takes down massive PhaaS platform LabHost
The investigation found over 40 000 phishing domains linked to LabHost, which had some 10 000 users worldwide.18 April 2024
Popular Posts
Featured vulnerabilities