Description

Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.

Remediation

References

CVE-2014-2736

Related Vulnerabilities

Oracle Application Server CVE-2006-0282 Vulnerability (CVE-2006-0282)

Moodle CVE-2011-4301 Vulnerability (CVE-2011-4301)

WordPress Plugin Transposh WordPress Translation Multiple Vulnerabilities (1.0.8.1)

WordPress Plugin MailPoet Newsletters (Previous) Security Bypass (2.8.1)

PHP Other Vulnerability (CVE-2006-4484)

Severity

High

Classification

CVE-2014-2736 CWE-138

Tags

Missing Update Known Vulnerabilities