Back to search
CVE-2014-2575
Published: Jun 6, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
107742
vdb-entry
x_refsource_OSVDB
http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2
x_refsource_CONFIRM
67902
vdb-entry
x_refsource_BID
20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager
mailing-list
x_refsource_FULLDISC
20140605 [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager
mailing-list
x_refsource_BUGTRAQ
33700
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now