Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1waGhtLTZwZ20tbXh3Oc4AAbJs
MODX Revolution blind SQL injection
MODX Revolution versions 2.x through 2.5.6 are vulnerable to blind SQL injection caused by improper sanitization in the escape method, allowing an authenticated user to access the database and possibly escalate privileges.
Permalink: https://github.com/advisories/GHSA-phhm-6pgm-mxw9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1waGhtLTZwZ20tbXh3Oc4AAbJs
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 5 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-phhm-6pgm-mxw9, CVE-2017-1000067
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000067
- https://github.com/modxcms/revolution/blob/9bf1c6cf7bdc12190b404f93ce7798b39c07bc59/core/xpdo/changelog.txt
- https://github.com/modxcms/revolution/blob/2.x/core/xpdo/changelog.txt#L48
- https://github.com/advisories/GHSA-phhm-6pgm-mxw9
Blast Radius: 6.2
Affected Packages
packagist:modx/revolution
Dependent packages: 1
Dependent repositories: 5
Downloads: 6,580 total
Affected Version Ranges: >= 2.0.0, <= 2.5.6
Fixed in: 2.6.0
All affected versions:
All unaffected versions: