CVE-2014-5370

BlueDragon < 7.1.1 - Path Traversal via CFChart Servlet QUERY_STRING

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5370. PoCs published by Portcullis.

AI-analyzed exploit summary: This exploit leverages a directory traversal vulnerability in the BlueDragon CFChart servlet to retrieve arbitrary files from the server. The vulnerability can also lead to unintended file deletion under certain conditions.

Description

Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Portcullis · text · webapps · cfm
https://www.exploit-db.com/exploits/36815

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: New Atlanta BlueDragon CFChart Servlet 7.1.1.17759
Authentication: No auth needed
Prerequisites: Network access to the target server · CFChart servlet exposed and accessible
Analysis: devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2015/Apr/49
Exploit (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/36815/
Broken Link (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/119527

Scores

EPSS: 0.0751
EPSS Percentile: 93.7%

Details

CWE: CWE-22
Status: published
Products (1): new_atlanta/bluedragon < 7.1.1
Published: Apr 21, 2015
Tracked Since: Feb 18, 2026