Description
Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.