Published: Jan 26, 2011
Information-technology Promotion Agency, Japan (IPA, Chairman Kazumasa Fujie) has issued a security alert concerning security vulnerability in MODx Evolution on January 26, 2011.
This vulnerability allows an attacker to manipulate the database. To fix this vulnerability, update the software to the fixed version provided by the product developer.
MODx Evolution is content management system (CMS) software used to create the websites developed by the MODx CMS Project. MODx Evolution is vulnerable to SQL Injection due to a flaw in the database processing. If exploited, the vulnerability could allow an attacker to manipulate the database.
For the latest information, refer to the following URL:
The vulnerability was reported to IPA in line with the Information Security Early Warning Partnership and released on January 26, 2011, after JPCERT Coordination Center (JPCERT/CC) made adjustments with the product developer.
An attacker could manipulate the MODx Evolution database.
To fix this vulnerability, update the software to the fixed version provided by the product developer.
(CVSS base score)
|CVSS base score||
|AV:Access Vector||□ Local||□ Adjacent
|AC:Access Complexity||□ High||□ Medium||■ Low|
|Au:Authentication||□ Multiple||□ Single||■ None|
|C:Confidentiality Impact||□ None||■ Partial||□ Complete|
|I:Integrity Impact||□ None||■ Partial||□ Complete|
|A:Availability Impact||□ None||■ Partial||□ Complete|
IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)