PT-2009-1415 · Modx · Modx
Gaku Mochizuki
·
Publicado
2009-01-22
·
Atualizado
2017-08-08
·
CVE-2008-5940
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
MODx versions 0.9.6.2 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands when the magic quotes gpc setting is disabled. This is achieved via the
searchid parameter in the "index.php" endpoint.Recommendations
For MODx versions 0.9.6.2 and earlier, consider disabling the
searchid parameter in the "index.php" endpoint until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.Correção
RCE
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Modx