  • Product: MODX Revolution
    Severity: Moderate
    Versions: <=2.5.1
    Vulnerability type: Directory Traversal / SQL Injection
    Report date: 2016-Nov-4
    Fixed date: 2016-Nov-14

    Description
    We received notice of several vulnerabilities, including a SQL injection and a directory traversal. These issues on their own are not critical in nature; however, it could be possible for determined attackers to combine vectors to compromise a site.

    Affected Releases
    All MODX Revolution releases prior to and including 2.5.1

    Solutions
    1. Upgrade to MODX Revolution 2.5.2 or above.
    2. Patch available for versions 2.3.3-2.5.2 thanks to Sterc. Versions below 2.3.3 must upgrade.

    Support
    If you do not know how to upgrade your site there are several support options available. You can contact the developer or builder of your site, ask for help in the MODX Forums, find a MODX Professional or get help from the MODX Services team.

    Acknowledgement
    We would like to thank Nikolay Lanets (modxclub.ru) and Chen Ruiqi from for bringing these issues to our attention and verifying their resolution.

    Additional Information
    For additional information, please use the MODX Contact Form (http://modx.com/company/contact/).