Description
MODX Revolution versions 2.x - 2.5.6 are vulnerable to blind SQL injection caused by improper sanitization in the escape method, which allows an authenticated user to access the database and possibly escalate privileges.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-7671)
Oracle HTTP Server Other Vulnerability (CVE-2004-2115)
WordPress Plugin NextScripts:Social Networks Auto-Poster Cross-Site Request Forgery (4.3.24)
WordPress Plugin Nextend Google Connect Unspecified Vulnerability (1.5.3)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-32621)