logo

Database

NoSQL injection In modx/revolution

Description

MODX Revolution blind SQL injection MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-10000672. NVD-2017-10000673. OSV-2017-10000674. GCVE-2017-1000067

References

1. https://github.com/modxcms/revolution/blob/2.x/core/xpdo/changelog.txt#L482. https://github.com/modxcms/revolution/blob/9bf1c6cf7bdc12190b404f93ce7798b39c07bc59/core/xpdo/changelog.txt

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.