{"id":"CVE-2017-1000067","details":"MODX Revolution versions 2.x through 2.5.6 are vulnerable to blind SQL injection caused by improper sanitization in the escape method, which allows an authenticated user to access the database and possibly escalate privileges.","aliases":["GHSA-phhm-6pgm-mxw9"],"modified":"2026-04-10T03:55:58.529116Z","published":"2017-07-17T13:18:18.127Z","references":[{"type":"ADVISORY","url":"https://github.com/modxcms/revolution/blob/9bf1c6cf7bdc12190b404f93ce7798b39c07bc59/core/xpdo/changelog.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/modxcms/revolution","events":[{"introduced":"0"},{"last_affected":"8d079504c8593e753703e96715ea25d033267b43"},{"introduced":"0"},{"last_affected":"0e5e5c534b6331b504f3b8bffe0c12ef6d5c16b8"},{"introduced":"0"},{"last_affected":"71e9ba36289fd26fa4cbb069487559d54600873a"},{"introduced":"0"},{"last_affected":"4d68f0816acf2647c5825e1c0b61fc2b7af25971"},{"introduced":"0"},{"last_affected":"fb8d42334691f8f4fc4978749bf23921ee6395f0"},{"introduced":"0"},{"last_affected":"7875291411aac5f20b5dc40129292115f4fce9e7"},{"introduced":"0"},{"last_affected":"98b208fdfeec5a9bb3f14becf8696ea8cd7d3774"},{"introduced":"0"},{"last_affected":"c2d47dce567e86438eb5ff3f241adc628c4bb7a4"},{"introduced":"0"},{"last_affected":"9216855284a2da75b022f07e1e20db1401bc2f70"},{"introduced":"0"},{"last_affected":"b5055ec18ad989fa78d66d07ab5e8b660bc08f26"},{"introduced":"0"},{"last_affected":"8be8b6960b2437ec4b7b2d7b2bb3075aef9af2e7"},{"introduced":"0"},{"last_affected":"a7501d6ac99c4bbd187ea400bae9b2ed67c35607"},{"introduced":"0"},{"last_affected":"46d38511080b662afdd1cdb12dcaae8493357cae"},{"introduced":"0"},{"last_affected":"ceab9773d49de9c8bf129e57bf6542652f9fc091"},{"introduced":"0"},{"last_affected":"d91dd6a4675e66fab97a1c5487123d014be332fc"},{"introduced":"0"},{"last_affected":"8608c05ddb6e65c0ecdf585896bc53c0997638cf"},{"introduced":"0"},{"last_affected":"3da428742cbb108212c54edcdd0dbab0067a9389"},{"introduced":"0"},{"last_affec
ted":"7fd91c4ce08b4e45aff85acfe3af692e552164fb"},{"introduced":"0"},{"last_affected":"038670d38f327262827897770a354ca489b3a8f1"},{"introduced":"0"},{"last_affected":"e2dd98878fc0eba193a6f42d4de715cc8a41d805"},{"introduced":"0"},{"last_affected":"9bdcb3f187b61bb670fb1ee33cc1503c267b4aac"},{"introduced":"0"},{"last_affected":"ccd0f149cc0393a24ac0581c1824d1f49a3d74b0"},{"introduced":"0"},{"last_affected":"429427aa5ba35c7e7b09601302442efdeaced534"},{"introduced":"0"},{"last_affected":"d63cc1735422a9c5c51b18a9f21d26bd1f6c390b"},{"introduced":"0"},{"last_affected":"bf40bdb68a5a026e7f29b1aab9b7bed60bc5cc90"},{"introduced":"0"},{"last_affected":"11d155db1dbb1f764f0ed22d100cc080172f6211"},{"introduced":"0"},{"last_affected":"a41de649e9d4884a9ac777d29474234eebd56586"},{"introduced":"0"},{"last_affected":"a293e6c220cba2d83cab9dc7327288bc93e25a69"},{"introduced":"0"},{"last_affected":"c53bcfe70f6c37c47275ac2b02c6e8cfa344038e"},{"introduced":"0"},{"last_affected":"075da1e869e65315a77ec6614b65538378b501ba"},{"introduced":"0"},{"last_affected":"2e3bfe8d6b616d3a832f6f80b02acdeca18c595f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.1"},{"introduced":"0"},{"last_affected":"2.1.0"},{"introduced":"0"},{"last_affected":"2.1.1"},{"introduced":"0"},{"last_affected":"2.1.2"},{"introduced":"0"},{"last_affected":"2.1.3"},{"introduced":"0"},{"last_affected":"2.1.4"},{"introduced":"0"},{"last_affected":"2.1.5"},{"introduced":"0"},{"last_affected":"2.2.0"},{"introduced":"0"},{"last_affected":"2.2.0-rc1"},{"introduced":"0"},{"last_affected":"2.2.0-rc2"},{"introduced":"0"},{"last_affected":"2.2.0-rc3"},{"introduced":"0"},{"last_affected":"2.2.1"},{"introduced":"0"},{"last_affected":"2.2.2"},{"introduced":"0"},{"last_affected":"2.2.3"},{"introduced":"0"},{"last_affected":"2.2.4"},{"introduced":"0"},{"last_affected":"2.2.5"},{"introduced":"0"},{"last_affected":"2.2.6"},{"introduced":"0"},{"last_affected":"2.2.7"},{"introduced":"0"},{"last_affected":"2.2.8"},{"introduc
ed":"0"},{"last_affected":"2.2.9"},{"introduced":"0"},{"last_affected":"2.3.0"},{"introduced":"0"},{"last_affected":"2.3.1"},{"introduced":"0"},{"last_affected":"2.4.0"},{"introduced":"0"},{"last_affected":"2.4.1"},{"introduced":"0"},{"last_affected":"2.5.0"},{"introduced":"0"},{"last_affected":"2.5.1"},{"introduced":"0"},{"last_affected":"2.5.2"},{"introduced":"0"},{"last_affected":"2.5.3"},{"introduced":"0"},{"last_affected":"2.5.4"},{"introduced":"0"},{"last_affected":"2.5.5"},{"introduced":"0"},{"last_affected":"2.5.6"}]}}],"versions":["v2.0.1-pl","v2.0.3-pl","v2.0.4-pl","v2.0.4-pl2","v2.0.5-pl","v2.0.6-pl","v2.0.7-pl","v2.0.8-pl","v2.1.0-pl","v2.1.0-rc1","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-rc4","v2.1.1-pl","v2.1.2-pl","v2.1.3-pl","v2.1.4-pl","v2.1.5-pl","v2.2.0-pl","v2.2.0-pl2","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v2.2.1-pl","v2.2.10-pl","v2.2.11-pl","v2.2.12-pl","v2.2.13-pl","v2.2.14-pl","v2.2.15-pl","v2.2.2-pl","v2.2.3-pl","v2.2.4-pl","v2.2.5-pl","v2.2.6-pl","v2.2.7-pl","v2.2.8-pl","v2.2.9-pl","v2.3.0-pl","v2.3.1-pl","v2.3.2-pl","v2.3.3-pl","v2.3.4-pl","v2.3.5-pl","v2.3.6-pl","v2.4.0-pl","v2.4.0-rc1","v2.4.1-pl","v2.4.2-pl","v2.5.0-pl","v2.5.0-rc1","v2.5.0-rc2","v2.5.1-pl","v2.5.2-pl","v2.5.3-pl","v2.5.4-pl","v2.5.5-pl","v2.5.6-pl"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000067.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.0.0-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.0-p12"}]},{"events":[{"introduced":"0"},{"last_affected":"2.1.1-p12"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}