CVE-2016-10038

Name of the Vulnerable Software and Affected Versions MODX Revolution versions prior to 2.5.2-pl

Description The issue allows remote attackers to perform local file inclusion, traversal, and manipulation via a crafted dir parameter in the /connectors/index.php file. This is related to browser, directory, and remove functionality.

Recommendations For MODX Revolution versions prior to 2.5.2-pl, update to version 2.5.2-pl or later to resolve the issue. As a temporary workaround, consider restricting access to the /connectors/index.php file to minimize the risk of exploitation. Avoid using the dir parameter in the affected API endpoint until the issue is resolved.