CVE-2016-10037

Name of the Vulnerable Software and Affected Versions MODX Revolution versions prior to 2.5.2-pl

Description The issue allows remote attackers to perform local file inclusion, traversal, and manipulation via a crafted id (also known as dir) parameter in the /connectors/index.php file. This is related to the browser/directory/getlist functionality.

Recommendations For MODX Revolution versions prior to 2.5.2-pl, update to version 2.5.2-pl or later to resolve the issue. As a temporary workaround, consider restricting access to the /connectors/index.php file or disabling the id parameter to minimize the risk of exploitation.