CVE-2014-2575

DevExpress ASPxFileManager Control for WebForms and MVC < 13.1.9 - Path Traversal

Description

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.

Exploits (1)

exploitdb WRITEUP
by RedTeam Pentesting · text · webapps · asp
https://www.exploit-db.com/exploits/33700

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/107742
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67902
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jun/24
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532304/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33700

Scores

EPSS 0.0955
EPSS Percentile 92.9%

Details

CWE
CWE-22
Status published
Products (50)
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.3
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.4
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.5
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.6
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.8
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.9
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.10
devexpress/aspxfilemanager_control_for_webforms_and_mvc 10.2.11
devexpress/aspxfilemanager_control_for_webforms_and_mvc 11.1
... and 40 more
Published Jun 06, 2014
Tracked Since Feb 18, 2026