CVE-2015-4670

DevExpress AJAX Control Toolkit < 15.0 - Path Traversal and Arbitrary File Write


Description

Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.

Scores

EPSS 0.0191
EPSS Percentile 77.3%

Details

CWE CWE-22
Status published
Products (1) devexpress/ajax_control_toolkit < 15.0
Published Aug 18, 2015
Tracked Since Feb 18, 2026