Description
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 13980.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2536 Vulnerability (CVE-2019-2536)
WordPress Plugin Fungif The Awesome GIFs Cross-Site Scripting (2.0)
WordPress Plugin WP SVG images Cross-Site Scripting (3.3)
WordPress Plugin Tigris for Salesforce PHP Object Injection (1.1.3)
WordPress Plugin Companion Sitemap Generator Cross-Site Request Forgery (3.6.6)