CVE-2014-2736
Published 2014-04-24
Priority: P338, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.26% (65.9th percentile)
Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modx | modx_revolution | <= 2.2.13 | — |
VulDB
MODX Revolution up to 2.0.8 index.php ID sql injection (ID 13032 / XFDB-92718)
vuldb · 2026-05-12 · CVSS 7.5
A vulnerability was found in MODX Revolution up to 2.0.8. It has been classified as critical. This affects an unknown function of the file index.php. The manipulation of the argument ID leads to sql injection.
This vulnerability is listed as CVE-2014-2736. The attack may be initiated remotely. In addition, an exploit is available.
Upgrading the affected component is recommended.
GHSA
GHSA-8pfj-j2w8-xjmh: Multiple SQL injection vulnerabilities in MODX Revolution before 2
ghsa_unreviewed · 2022-05-13 · HIGH · CWE-89
Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2014-04/0124.html
http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection
http://secunia.com/advisories/58036
http://www.securityfocus.com/bid/66990