Description
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5823 Vulnerability (CVE-2013-5823)
PostgreSQL Resource Management Errors Vulnerability (CVE-2007-4772)
WordPress Plugin Theme Editor Arbitrary File Download (2.5)
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1476)
markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2022-21670)