Vulnerabilities

From: xoxland@gmail.com
To: bugtraq@securityfocus.com
Cc:
Subject: Vulnerabilities
Date:


 New Advisory:
modx-0.9.6
http://www.dear-pets.com

\u2014\u2014\u2014\u2014\u2014\u2014\u2013Summary\u2014\u2014\u2014\u2014\u2014-
Software: modx-0.9.6
Sowtware\u2019s Web Site: http://www.modxcms.com
Versions: 0.9.6
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: http://www.dear-pets.com

\u2014\u2014\u2014\u2014\u2014\u2013Description\u2014\u2014\u2014\u2014\u2014
1. SQL Injection.

Vulnerable script: mutate_content.dynamic.php

Parameters \u2018documentDirty\u2019, \u2018modVariables\u2019 is not
properly sanitized before being used in SQL query. This can be used to
make SQL queries by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

\u2014\u2014\u2014\u2014\u2013PoC/Exploit\u2014\u2014\u2014\u2014\u2014\u2014\u2014-
Waiting for developer(s) reply.

\u2014\u2014\u2014\u2014\u2013Solution\u2014\u2014\u2014\u2014\u2014\u2014\u2014
No Patch available.

\u2014\u2014\u2014\u2014\u2013Credit\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2013
Discovered by: http://www.dear-pets.com





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.