CVE-2010-5278

NUCLEI

MODx Revolution <2.0.2-pl - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5278. PoCs published by John Leitch. A Nuclei detection template is also available.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) and cross-site scripting (XSS) vulnerability in MODx 2.0.2-pl. It includes a proof-of-concept URL demonstrating the LFI via directory traversal but lacks executable exploit code.

Description

Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by John Leitch · textwebappsphp

https://www.exploit-db.com/exploits/34788

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) and cross-site scripting (XSS) vulnerability in MODx 2.0.2-pl. It includes a proof-of-concept URL demonstrating the LFI via directory traversal but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Info Leak | Xss

Complexity

Trivial

Reliability

Theoretical

Target: MODx 2.0.2-pl

No auth needed

Prerequisites: Access to the target MODx installation

MITRE ATT&CK