CVE-2016-10037

Published December 24th, 2016

View on NVD ↗

CVSS v3

7.3

HIGH

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.

modxcms/revolution

MODX Revolution - Content Management Framework

GitHub

1.4K