QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4670

Published: Aug 18, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.cardinaleconcepts.com/cve-2015-4670-directory-traversal-to-remote-code-execution-in-ajaxcontroltoolkit/

x_refsource_MISC

20150713 CVE-2015-4670 - AjaxControlToolkit File Upload Directory Traversal

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.