Date: Sat, 8 Mar 2014 10:51:37 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: SQL injection in MODX Revolution before 2.2.13

Hello,

I'd like to have a CVE for the following issue:
http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection#dis-post-492046

Release notes for fixed version:
http://modx.com/blog/2014/03/07/revolution-2.2.13/

I tried to find the corresponding git commit, but I was not successful.
It may be this one:
https://github.com/modxcms/revolution/commit/11a913feda16c99703dbf4d27328af888e698c5c
but I'm not sure. The bug and the commit indicate no sign of an SQL
injection fixed and I am not motivated to dig deeper into the code.
However, it is the right file and the right date.


cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
