VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 24, 2014· Updated May 6, 2026

CVE-2014-2736

CVE-2014-2736

Description

Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.

Affected products

28
  • Modx/Revolution28 versions
    cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*+ 27 more
    • cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*range: <=2.2.13
    • cpe:2.3:a:modx:modx_revolution:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:modx:modx_revolution:2.2.12:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.