CVE-2014-100015

Solidworks Product Data Management - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/32163

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Mohamed Shetta · pythonremotewindows

https://www.exploit-db.com/exploits/31831

View Code ZIP pw:eip

metasploit WORKING POC GOOD

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/solidworks_workgroup_pdmwservice_file_write.rb

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.com/files/125361

[Exploit] http://www.exploit-db.com/exploits/31831

[Exploit] http://www.exploit-db.com/exploits/32163

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/91518

Scores

EPSS 0.7730

EPSS Percentile 99.0%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

solidworks/product_data_management

Timeline

Published Jan 13, 2015

Tracked Since Feb 18, 2026