-
MODX Staff
- 730 Posts
Status: Solved
Product: MODx Evolution
Severity: High
Versions: 1.0.4 and prior
Advisory Date: 2011-01-26
Fixed Date: 2011-01-19
Impact:
a) A remote attacker may access or view arbitrary files on the server.
b) A remote attacker may execute arbitrary PHP code as a result of SQL injection.
Description
JPCERT/CC has issued the following advisories:
a)
http://jvn.jp/en/jp/JVN95385972/index.html
b)
http://jvn.jp/en/jp/JVN54092716/index.html
Solution
Upgrade to MODx Revolution 1.0.5 available here:
http://modxcms.com/download.html#ga
Read the
Release Announcement for Evolution 1.0.5.