Description
Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Download Manager Cross-Site Scripting (2.9.93)
Django Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-31542)
WordPress Plugin WP Statistics SQL Injection (12.6.6.1)
SharePoint CVE-2019-1260 Vulnerability (CVE-2019-1260)
PrestaShop Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-7491)