Multiple SQL injection vulnerabilities in MODX Revolution prior to 2.2.14 allow remote malicious users to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
modx modx revolution 2.0.0 |
||
modx modx revolution 2.1.5 |
||
modx modx revolution 2.2.0 |
||
modx modx revolution 2.2.1 |
||
modx modx revolution 2.2.10 |
||
modx modx revolution 2.0.5 |
||
modx modx revolution 2.0.6 |
||
modx modx revolution 2.0.7 |
||
modx modx revolution 2.0.8 |
||
modx modx revolution 2.1.0 |
||
modx modx revolution 2.2.3 |
||
modx modx revolution 2.2.4 |
||
modx modx revolution 2.2.5 |
||
modx modx revolution 2.2.6 |
||
modx modx revolution 2.0.4 |
||
modx modx revolution 2.1.2 |
||
modx modx revolution 2.1.4 |
||
modx modx revolution 2.2.11 |
||
modx modx revolution |
||
modx modx revolution 2.2.8 |
||
modx modx revolution 2.0.1 |
||
modx modx revolution 2.0.3 |
||
modx modx revolution 2.1.1 |
||
modx modx revolution 2.1.3 |
||
modx modx revolution 2.2.12 |
||
modx modx revolution 2.2.2 |
||
modx modx revolution 2.2.7 |
||
modx modx revolution 2.2.9 |
Vulmon