New Advisory: modx-0.9.6 http://www.dear-pets.com ???????Summary?????- Software: modx-0.9.6 Sowtware?s Web Site: http://www.modxcms.com Versions: 0.9.6 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched PoC/Exploit: Not Available Solution: Not Available Discovered by: http://www.dear-pets.com ??????Description????? 1. SQL Injection. Vulnerable script: mutate_content.dynamic.php Parameters ?documentDirty?, ?modVariables? is not properly sanitized before being used in SQL query. This can be used to make SQL queries by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off ?????PoC/Exploit???????- Waiting for developer(s) reply. ?????Solution??????? No Patch available. ?????Credit???????? Discovered by: http://www.dear-pets.com
