Product: MODX Revolution
Vulnerability type: Directory Traversal / SQL Injection
Report date: 2016-Nov-4
Fixed date: 2016-Nov-14
We received notice that there are several vulnerabilities that include a SQL injection and directory traversal. These issues on their own are not critical in nature, however, it could be possible for determined attackers to combine vectors to compromise a site.
All MODX Revolution releases prior to and including 2.5.1
- Upgrade to MODX Revolution 2.5.2 or above.
- Patch available for versions 2.3.3-2.5.2 thanks to Sterc. Versions below 2.3.3 must upgrade.
If you do not know how to upgrade your site there are several support options available. You can contact the developer or builder of your site, ask for help in the MODX Forums, find a MODX Professional or get help from the MODX Services team.
We would like to thank [url=modxclub.ru]Nikolay Lanets<a href=" and Chen Ruiqi from for bringing these issues to our attention and verifying their resolution.
For additional information, please use the http://modx.com/company/contact/MODX Contact Form