Message-ID: <20071009063522.28832.qmail@securityfocus.com>
Date: 9 Oct 2007 06:35:22 -0000
From: xoxland@...il.com
To: bugtraq@...urityfocus.com
Subject: Vulnerabilities

New Advisory: modx-0.9.6
http://www.dear-pets.com

--------------------Summary--------------------
Software: modx-0.9.6
Software's Web Site: http://www.modxcms.com
Versions: 0.9.6
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://www.dear-pets.com

--------------------Description--------------------
1. SQL Injection.
Vulnerable script: mutate_content.dynamic.php
The parameters 'documentDirty' and 'modVariables' are not properly sanitized before being used in an SQL query. This can be used to make SQL queries by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off

--------------------PoC/Exploit--------------------
Waiting for developer(s) reply.

--------------------Solution--------------------
No Patch available.

--------------------Credit--------------------
Discovered by: http://www.dear-pets.com