Description
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordLift-AI powered SEO-Schema Cross-Site Scripting (3.37.1)
WordPress Plugin MasterStudy LMS-for Online Courses and Education SQL Injection (3.2.5)
WordPress Plugin Advanced Contact form 7 DB Arbitrary File Upload (1.4.4)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.10.7)