Product: MODX Evolution
Risk: Very High
Severity: Critical
Versions: 1.0.5 and all previous releases
Vulnerability type: Remote Script Execution*
Report Date: 2012-Feb-16
Fixed Date: 2012-Feb-20
Description
A vigilant community member sent us a security notice to let us know that he had found a security issue in a compromised site running MODX Evolution 1.0.5.
Upon investigation, we determined that the way MODX Evolution sanitized global GPC (GET/POST/Cookie or Request) variables left MODX tags in user input intact. As a result, any Snippet within MODX that echoed user input (e.g. a website form field) from the GPC variables back to the output for display would inadvertently execute the MODX tags provided in the input field.
*Remote script execution requires specific configurations of add-ons included in the core.
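One way a Snippet author can guard against the behaviour described above is to encode the tag delimiter characters in any request value before echoing it. This is an added example, not MODX core code and not the 1.0.6 fix; the function name `encode_for_modx_output` and the sample form data are assumptions.

```php
<?php
// Added example: hypothetical helper, not MODX core code and not the 1.0.6 patch.

/**
 * Prepare a request (GET/POST/Cookie) value for display by a Snippet.
 * Nested arrays (e.g. field[]=a&field[]=b) are handled recursively.
 */
function encode_for_modx_output($value)
{
    if (is_array($value)) {
        return array_map('encode_for_modx_output', $value);
    }

    // 1. HTML-encode first so markup in the value is displayed, not rendered.
    $html = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');

    // 2. Then encode the bracket and brace characters that MODX Evolution
    //    tags are built from ([[..]], [!..!], [*..*], [(..)], [+..+], {{..}}),
    //    so the document parser finds no tag in the echoed text. This must
    //    run after step 1, otherwise the "&" of each entity would be
    //    re-encoded.
    $map = array(
        '[' => '&#91;',
        ']' => '&#93;',
        '{' => '&#123;',
        '}' => '&#125;',
    );

    return strtr($html, $map);
}

// Constructed sample of a submitted form (not real traffic).
$post = array(
    'name'    => 'Alice',
    'comment' => 'Title is [*pagetitle*] and {{footer}}',
    'tags'    => array('a[0]', 'plain'),
);

foreach ($post as $field => $value) {
    $safe = encode_for_modx_output($value);
    echo $field, ': ', is_array($safe) ? implode(', ', $safe) : $safe, "\n";
}
```

The browser renders the entities as the original characters, so the visitor sees what was typed while the parser sees plain text.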
Affected Releases
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.5 are affected.
Solution
Upgrade to MODX Evolution 1.0.6.
[ed. note: smashingred last edited this post 12 years, 9 months ago.]