Description

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.

Remediation

References

CVE-2016-10038

Related Vulnerabilities

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1582)

WordPress Plugin wpForo Forum Cross-Site Scripting (2.1.8)

Apache Tomcat Configuration Vulnerability (CVE-2010-4312)

WordPress Plugin Featured Post with thumbnail Unspecified Vulnerability (1.4)

SharePoint Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-31950)

Severity

High

Classification

CVE-2016-10038 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities