netProphET - MODX Complete Team Reply #1, 1 year, 3 months ago
Status: Solved
Product: MODx Evolution
Severity: High
Versions: 1.0.4 and prior
Advisory Date: 2011-01-26
Fixed Date: 2011-01-19
Impact:
a) A remote attacker may access or view arbitrary files on the server.
b) A remote attacker may execute arbitrary PHP code as a result of SQL injection.
Description JPCERT/CC has issued the following advisories:
a) http://jvn.jp/en/jp/JVN95385972/index.html
b) http://jvn.jp/en/jp/JVN54092716/index.html
Solution Upgrade to MODx Revolution 1.0.5 available here: http://modxcms.com/download.html#ga
Read the Release Announcement for Evolution 1.0.5.
Severity: High
Versions: 1.0.4 and prior
Advisory Date: 2011-01-26
Fixed Date: 2011-01-19
Impact:
a) A remote attacker may access or view arbitrary files on the server.
b) A remote attacker may execute arbitrary PHP code as a result of SQL injection.
Description JPCERT/CC has issued the following advisories:
a) http://jvn.jp/en/jp/JVN95385972/index.html
b) http://jvn.jp/en/jp/JVN54092716/index.html
Solution Upgrade to MODx Revolution 1.0.5 available here: http://modxcms.com/download.html#ga
Read the Release Announcement for Evolution 1.0.5.