Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2010-5278)

Description

Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.

Remediation

References

Related Vulnerabilities

MediaWiki Resource Management Errors Vulnerability (CVE-2015-8002)

WordPress Plugin Really Simple Gallery Multiple Vulnerabilities (1.4)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (5.2.4)

XWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-7223)

GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23640)

Severity

Medium

Classification

CVE-2010-5278 CWE-22

Tags

Missing Update Known Vulnerabilities