Description

Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.

Remediation

References

CVE-2014-2736

Related Vulnerabilities

iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.6.1)

WordPress Clickjacking Vulnerability (0.7 - 3.1.2)

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2035)

Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

Severity

High

Classification

CVE-2014-2736 CWE-138

Tags

Missing Update Known Vulnerabilities