Vulnerabilities

2007-10-10T00:00:00
ID SECURITYVULNS:DOC:18157
Type securityvulns
Reporter Securityvulns
Modified 2007-10-10T00:00:00

Description

New Advisory: modx-0.9.6 http://www.dear-pets.com

——————–Summary—————- Software: modx-0.9.6 Sowtware’s Web Site: http://www.modxcms.com Versions: 0.9.6 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: Not Available Discovered by: http://www.dear-pets.com

—————–Description————— 1. SQL Injection.

Vulnerable script: mutate_content.dynamic.php

Parameters ‘documentDirty’, ‘modVariables’ is not properly sanitized before being used in SQL query. This can be used to make SQL queries by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

————–PoC/Exploit———————- Waiting for developer(s) reply.

————–Solution——————— No Patch available.

————–Credit———————– Discovered by: http://www.dear-pets.com