<![CDATA[ MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability

<![CDATA[ MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability - My Forums]]> https://forums.modx.com/thread/?thread=74423 <![CDATA[MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability]]> https://forums.modx.com/thread/74423/modx-evolution-1-0-5-and-prior-remote-script-execution-vulnerability#dis-post-412760 Product: MODX Evolution
Risk: Very High
Severity: Critical
Versions: 1.0.5 and all previous releases
Vunerability type: Remote Script Execution*
Report Date: 2012-Feb-16
Fixed Date: 2012-Feb-20

Description

A vigilant community member sent us a security notice to let us know that he found a security issue in a compromised site running MODX Evolution 1.0.5.

Upon investigation, we determined that MODX Evolution had been sanitizing global GPC (GET/POST/Cookie or Request) variables in a way that allowed any Snippet within MODX that echoed user input (i.e. a website form field) from the GPC variables back to the output (for display) to inadvertently execute the MODX tags provided in the input field.

*Remote script execution requires specific configurations of add-ons included in the core.

Affected Releases
All MODX 0.9.x/Evolution releases prior to and including MODX Evolution 1.0.5 are affected.

Solution
Upgrade to MODX Evolution 1.0.6]]> smashingred Feb 20, 2012, 04:44 PM https://forums.modx.com/thread/74423/modx-evolution-1-0-5-and-prior-remote-script-execution-vulnerability#dis-post-412760