VYPR
Unrated severityNVD Advisory· Published Oct 7, 2012· Updated Jun 16, 2026

CVE-2010-5278

CVE-2010-5278

Description

Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Modx/Revolution2 versions
    cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*range: <=2.0.2
    • (no CPE)range: <=2.0.2-pl

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.