Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
References
Link | Resource |
---|---|
https://raw.githubusercontent.com/modxcms/revolution/v2.5.2-pl/core/docs/changelog.txt | Release Notes |
https://github.com/modxcms/revolution/pull/13177 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/95097 | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2016-12-24 03:59
Updated : 2016-12-29 06:28
NVD link : CVE-2016-10038
Mitre link : CVE-2016-10038
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
modx
- modx_revolution