High severity7.3NVD Advisory· Published Dec 24, 2016· Updated Jun 17, 2026
CVE-2016-10039
CVE-2016-10039
Description
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:*range: <2.5.2
- (no CPE)range: <2.5.2-pl
Patches
Vulnerability mechanics
References
3- github.com/modxcms/revolution/pull/13177nvdPatchVendor Advisory
- www.securityfocus.com/bid/95096nvdThird Party AdvisoryVDB Entry
- raw.githubusercontent.com/modxcms/revolution/v2.5.2-pl/core/docs/changelog.txtnvdRelease Notes
News mentions
0No linked articles in our index yet.