PT-2009-1415 · Modx · Modx
Gaku Mochizuki
·
Published
2009-01-22
·
Updated
2017-08-08
·
CVE-2008-5940
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
MODx versions 0.9.6.2 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands when the magic quotes gpc setting is disabled. This is achieved via the
searchid parameter in the "index.php" endpoint.Recommendations
For MODx versions 0.9.6.2 and earlier, consider disabling the
searchid parameter in the "index.php" endpoint until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue.Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Modx