Description
A vulnerability was discovered in MODX Revolution that allows users to inject and manipulate the database. Attackers could exploit this to alter or destroy data in the database.
Affected Releases
All MODX Revolution releases prior to and including 2.2.12.
For releases prior to 2.2.6, please contact MODX Support for assistance patching your version, or to get help with an upgrade to 2.2.13
Special Note for MODX Cloud Users
If your sites are on MODX Cloud, we've taken steps to protect all sites from this issue, as always we recommend you upgrade to 2.2.13 at your earliest convenience.
Acknowledgement
We would like to thank MODX community member, Mark Ernst, for bringing this issue to our attention.
Additional Information
For additional information, please use the MODX Contact Form]]>smashingredMar 07, 2014, 04:30 PMhttps://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection#dis-post-492046