We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

MODx Evolution SQL Injection Vulnerability

  • Jay Gilmore Reply #1, 13 years, 10 months ago
    Product: MODx Evolution
    Risk: Moderate
    Versions: 1.0.3 and all previous releases
    Vunerability type: SQL Injection
    Report Date: 2010-May-28
    Fixed Date: 2010-May-28

    Description
    Issue reported as HTB22412. Attacker could potentially compromise MODx Evolution via an unsanitized variable on the /manager/index.php.

    No actual destructive exploit has yet been created or proven. The proof of concept offered on the htbridge.ch site, and variants, can only cause a SQL error to be displayed.

    Affected Releases
    All MODx 0.9.x/Evolution releases prior to and including MODx Evolution 1.0.3 are affected.

    Solution
    Upgrade to MODx Evolution 1.0.4 or later: http://modxcms.com/download.html#ga
      Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup magician. BlogTwitterLinkedInGitHub

    This discussion is closed to further replies. Keep calm and carry on.