VYPR
High severity7.3NVD Advisory· Published Dec 24, 2016· Updated Jun 17, 2026

CVE-2016-10038

CVE-2016-10038

Description

Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Modx/Revolution2 versions
    cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*range: <=2.5.1-pl
    • (no CPE)range: <2.5.2-pl

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.