High severity8.8NVD Advisory· Published Jul 17, 2017· Updated Jun 17, 2026
CVE-2017-1000067
CVE-2017-1000067
Description
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
modx/revolutionPackagist | >= 2.0.0, < 2.6.0 | 2.6.0 |
Affected products
38cpe:2.3:a:modx:revolution:2.0.0:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:modx:revolution:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.1.0:p12:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.1.1:p12:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:modx:revolution:2.5.6:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-phhm-6pgm-mxw9ghsaADVISORY
- github.com/modxcms/revolution/blob/9bf1c6cf7bdc12190b404f93ce7798b39c07bc59/core/xpdo/changelog.txtnvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-1000067ghsaADVISORY
- github.com/modxcms/revolution/blob/2.x/core/xpdo/changelog.txtghsaWEB
News mentions
0No linked articles in our index yet.