icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

MODx < 1.0.3 Multiple Vulnerabilities

High

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server is hosting MODx, a content management system written in PHP. The installed version of MODx is earlier than 1.0.3. Such versions are potentially affected by multiple vulnerabilities :

- A cross-site scripting vulnerability in the 'SearchHighlight' plugin. (CVE-2010-1427)

- A SQL-injection vulnerability related to WebLogin. (CVE-2010-1426)

Solution

Upgrade to MODx 1.0.3 or later.