CVE-2014-2575

DevExpress ASPxFileManager Control for WebForms and MVC < 13.1.9 - Path Traversal

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2575. PoCs published by RedTeam Pentesting.

AI-analyzed exploit summary: The advisory describes a directory traversal vulnerability in DevExpress ASP.NET File Manager (CVE-2014-2575), allowing attackers to read arbitrary files via crafted HTTP POST parameters. The proof-of-concept demonstrates file access using a relative path in the __EVENTARGUMENT parameter.

Description

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.

Exploits (1)

exploitdb WRITEUP
by RedTeam Pentesting · text · webapps · asp
https://www.exploit-db.com/exploits/33700

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: DevExpress ASPxFileManager v10.2 to v13.2.8
No auth needed
Prerequisites: Access to the File Manager component
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/107742
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67902
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jun/24
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532304/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33700

Scores

EPSS 0.0733
EPSS Percentile 93.6%

Details

CWE: CWE-22
Status: published
Products (50)
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.3
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.4
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.5
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.6
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.8
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.9
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.10
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.11
devexpress/aspxfilemanager_control_for_webforms_and_mvc 11.1
... and 40 more
Published Jun 06, 2014
Tracked Since Feb 18, 2026