CVE-2017-1000067

NONE EPSS 61.9%
Published Jul 17, 2017 (8y ago) · Modified Jun 17, 2026 (2w ago)

Description

MODX Revolution versions 2.x through 2.5.6 are vulnerable to blind SQL injection caused by improper sanitization in the escape method, which allows an authenticated user to access the database and possibly escalate privileges.

Threat Intelligence

EPSS Exploit Probability
61.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-89 SQL Injection

Affected Products 37

Vendor  Product     Version  Range
modx    revolution  2.0.0    any
modx    revolution  2.0.0    any
modx    revolution  2.0.0    any
modx    revolution  2.0.0    any
modx    revolution  2.0.1    any
modx    revolution  2.1.0    any
modx    revolution  2.1.0    any
modx    revolution  2.1.1    any
modx    revolution  2.1.1    any
modx    revolution  2.1.2    any
modx    revolution  2.1.3    any
modx    revolution  2.1.4    any
modx    revolution  2.1.5    any
modx    revolution  2.2.0    any
modx    revolution  2.2.0    any
modx    revolution  2.2.0    any
modx    revolution  2.2.0    any
modx    revolution  2.2.1    any
modx    revolution  2.2.2    any
modx    revolution  2.2.3    any
modx    revolution  2.2.4    any
modx    revolution  2.2.5    any
modx    revolution  2.2.6    any
modx    revolution  2.2.7    any
modx    revolution  2.2.8    any
modx    revolution  2.2.9    any
modx    revolution  2.3.0    any
modx    revolution  2.3.1    any
modx    revolution  2.4.0    any
modx    revolution  2.4.1    any
modx    revolution  2.5.0    any
modx    revolution  2.5.1    any
modx    revolution  2.5.2    any
modx    revolution  2.5.3    any
modx    revolution  2.5.4    any
modx    revolution  2.5.5    any
modx    revolution  2.5.6    any

References 1

  • https://github.com/modxcms/revolution/blob/9bf1c6cf7bdc12190b404f93ce7798b39c07bc59/core/xpdo/changelog.txt
    Release Notes, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.