Filtered by vendor Modx
Subscribe
Total
43 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2736 | 1 Modx | 1 Modx Revolution | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php. | |||||
CVE-2010-5278 | 1 Modx | 1 Modx Revolution | 2024-02-28 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-4883 | 1 Modx | 1 Revolution | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter. |