Status: Solved (See: Notice on fix)
Product: MODx Revolution
Risk: Moderate
Versions: 2.0.x
Vulnerability type: Cross-Site Scripting and Local File Inclusion Vulnerabilities
Report Date: 2010-09-29
Fixed Date: 2010-09-29
Description
Issue reported as Secunia Advisory SA41638.
Input passed via the "modahsh" parameter to manager/index.php is not properly sanitized before being returned to the user. Input passed via the "class_key" parameter to manager/controllers/default/resource/tvs.php is not properly verified before being used to include files.
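The two defect classes described above, shown in their hardened form as an added example (not MODx Revolution source code). The helper names, the allowlist contents and the hidden-field output context are assumptions made for illustration.

```php
<?php
// Illustrative only: hypothetical helpers, not MODx Revolution source code.

// Constructed allowlist mapping accepted class keys to fixed file names.
const ALLOWED_CLASS_FILES = [
    'document' => 'document.php',
    'weblink'  => 'weblink.php',
];

/**
 * Reflected-output case: encode a request value for the HTML context it
 * lands in (here, a double-quoted attribute) instead of echoing it raw.
 */
function render_hidden_field(string $name, string $value): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        '<input type="hidden" name="%s" value="%s" />',
        htmlspecialchars($name, $flags, 'UTF-8'),
        htmlspecialchars($value, $flags, 'UTF-8')
    );
}

/**
 * File-inclusion case: never build the include path from the request value.
 * Look the key up in the allowlist, then confirm the resolved path is still
 * inside the base directory before returning it.
 */
function resolve_class_file(string $classKey, string $baseDir): ?string
{
    if (!array_key_exists($classKey, ALLOWED_CLASS_FILES)) {
        return null; // unknown key: reject rather than guess
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_CLASS_FILES[$classKey]);
    if ($base === false || $path === false) {
        return null; // base directory or mapped file does not exist
    }
    // Trailing separator stops "/base" from matching "/base-other/...".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // e.g. a symlink pointing outside the base directory
    }
    return $path;
}

// Usage with constructed input resembling the two cases in the advisory.
echo render_hidden_field('modahsh', '"><b>x</b>'), PHP_EOL;
var_dump(resolve_class_file('../../../../etc/passwd', __DIR__)); // NULL
```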
Affected Releases
MODx Revolution 2.0.2-pl; however, it is possible that previous releases contain the vulnerability.
Solution
Upgrade to MODx Revolution 2.0.3 available here:
http://modxcms.com/download.html#pl
Read the Release Announcement for Revolution 2.0.3.