1.0.3 and all previous releases
Issue reported as HTB22412.
An attacker could potentially compromise MODx Evolution via an unsanitized variable in /manager/index.php.
No actual destructive exploit has yet been created or proven. The proof of concept offered on the htbridge.ch site, and variants, can only cause a SQL error to be displayed.
All MODx 0.9.x/Evolution releases prior to and including MODx Evolution 1.0.3 are affected.
Upgrade to MODx Evolution 1.0.4 or later: http://modxcms.com/download.html#ga