Description

Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.

Remediation

References

CVE-2014-2736

Related Vulnerabilities

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14508)

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-4108)

WordPress Plugin Yoast SEO Cross-Site Scripting (21.0)

Microsoft SQL Server Other Vulnerability (CVE-2000-1086)

Drupal Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2022-29248)

Severity

High

Classification

CVE-2014-2736 CWE-138

Tags

Missing Update Known Vulnerabilities