New Advisory: modx-0.9.6
http://www.dear-pets.com Summary- Software: modx-0.9.6 Sowtwares Web Site: http://www.modxcms.com Versions: 0.9.6 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: Not Available Discovered by: http://www.dear-pets.com Description 1. SQL Injection. Vulnerable script: mutate_content.dynamic.php Parameters documentDirty, modVariables is not properly sanitized before being used in SQL query. This can be used to make SQL queries by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off PoC/Exploit- Waiting for developer(s) reply. Solution No Patch available. Credit Discovered by: http://www.dear-pets.com
