oss-sec mailing list archives

CVE request: SQL injection in MODX Revolution before 2.2.13

From: Hanno Böck <hanno () hboeck de>
Date: Sat, 8 Mar 2014 10:51:37 +0100

Hello,

I'd like to have a CVE for the following issue:
http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection#dis-post-492046

Release notes for fixed version:
http://modx.com/blog/2014/03/07/revolution-2.2.13/

I tried to find the corresponding git commit, but I was not successful.
It may be this one:
https://github.com/modxcms/revolution/commit/11a913feda16c99703dbf4d27328af888e698c5c
but I'm not sure. The bug and the commit indicate no sign of an SQL
injection fixed and I am not motivated to dig deeper into the code.
However, it is the right file and the right date.


cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: signature.asc
Description:

Current thread:

CVE request: SQL injection in MODX Revolution before 2.2.13 Hanno Böck (Mar 08)
- Re: CVE request: SQL injection in MODX Revolution before 2.2.13 cve-assign (Mar 08)