Date: Sat, 8 Mar 2014 10:51:37 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request: SQL injection in MODX Revolution before 2.2.13

Hello,

I'd like to have a CVE for the following issue:
http://forums.modx.com/thread/89486/modx-revolution-2-x-sql-injection#dis-post-492046

Release notes for fixed version:
http://modx.com/blog/2014/03/07/revolution-2.2.13/

I tried to find the corresponding git commit, but I was not successful.
It may be this one:
https://github.com/modxcms/revolution/commit/11a913feda16c99703dbf4d27328af888e698c5c
but I'm not sure. The bug and the commit indicate no sign of an SQL
injection fixed and I am not motivated to dig deeper into the code.
However, it is the right file and the right date.

cu,
--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]