Jay Gilmore Reply #1, 1 year, 11 months ago
Product: MODx Evolution
Risk: Moderate
Versions: 1.0.3 and all previous releases
Vulnerability type: SQL Injection
Report Date: 2010-May-28
Fixed Date: 2010-May-28
Description: Issue reported as HTB22412. Attacker could potentially compromise MODx Evolution via an unsanitized variable on the /manager/index.php.
No actual destructive exploit has yet been created or proven. The proof of concept offered on the htbridge.ch site, and variants, can only cause a SQL error to be displayed.
Affected Releases: All MODx 0.9.x/Evolution releases prior to and including MODx Evolution 1.0.3 are affected.
Solution: Upgrade to MODx Evolution 1.0.4 or later: http://modxcms.com/download.html#ga