Product: MODx Evolution
Versions: 1.0.4 and prior
Advisory Date: 2011-01-26
Fixed Date: 2011-01-19
a) A remote attacker may access or view arbitrary files on the server.
b) A remote attacker may execute arbitrary PHP code as a result of SQL injection.
JPCERT/CC has issued the following advisories:
Upgrade to MODx Revolution 1.0.5 available here: http://modxcms.com/download.html#ga
Read the Release Announcement
for Evolution 1.0.5.