Bugtraq mailing list archives
Vulnerabilities
From: xoxland () gmail com
Date: 9 Oct 2007 06:35:22 -0000
New Advisory: modx-0.9.6 http://www.dear-pets.com Summary- Software: modx-0.9.6 Sowtwares Web Site: http://www.modxcms.com Versions: 0.9.6 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: Not Available Discovered by: http://www.dear-pets.com Description 1. SQL Injection. Vulnerable script: mutate_content.dynamic.php Parameters documentDirty, modVariables is not properly sanitized before being used in SQL query. This can be used to make SQL queries by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off PoC/Exploit- Waiting for developer(s) reply. Solution No Patch available. Credit Discovered by: http://www.dear-pets.com
Current thread:
- Vulnerabilities xoxland (Oct 09)
- Re: Vulnerabilities Victor Brilon (Oct 11)
- <Possible follow-ups>
- Re: Vulnerabilities sottwell (Oct 11)