Description

Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-5278

Related Vulnerabilities

WordPress Plugin WordLift-AI powered SEO-Schema Cross-Site Scripting (3.37.1)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7944)

WordPress Plugin MasterStudy LMS-for Online Courses and Education SQL Injection (3.2.5)

WordPress Plugin Advanced Contact form 7 DB Arbitrary File Upload (1.4.4)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (4.10.7)

Severity

Medium

Classification

CVE-2010-5278 CWE-22

Tags

Missing Update Known Vulnerabilities