GSA_kwCzR0hTQS1waGhtLTZwZ20tbXh3Oc4AAbJs

High EPSS: 0.00546% (0.66511 Percentile) EPSS:

Permalink JSON

MODX Revolution blind SQL injection

Affected Packages	Affected Versions	Fixed Versions
packagist:modx/revolution	>= 2.0.0, <= 2.5.6	2.6.0
1 Dependent packages 5 Dependent repositories 8,138 Downloads total Affected Version Ranges All affected versions All unaffected versions

MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-1000067
https://github.com/modxcms/revolution/blob/9bf1c6cf7bdc12190b404f93ce7798b39c07bc59/core/xpdo/changelog.txt
https://github.com/modxcms/revolution/blob/2.x/core/xpdo/changelog.txt#L48
https://github.com/advisories/GHSA-phhm-6pgm-mxw9

Identifiers

GHSA-phhm-6pgm-mxw9

CVE-2017-1000067

Risk

Severity

High

EPSS

EPSS Percentage: 0.00546

EPSS Percentile: 0.66511

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/modxcms/revolution

Date and time

Published

over 3 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories