Description

Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.

Remediation

References

CVE-2014-2736

Related Vulnerabilities

Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-7930)

WordPress Plugin Image Photo Gallery Final Tiles Grid Cross-Site Scripting (3.4.18)

WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability (0.6.2 - 2.8.3)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7711)

WordPress Plugin MyBookTable Bookstore by Author Media Unspecified Vulnerability (2.1.4)

Severity

High

Classification

CVE-2014-2736 CWE-138

Tags

Missing Update Known Vulnerabilities