Published: 06/06/2014 Updated: 09/10/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC prior to 13.1.10 and 13.2.x prior to 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
devexpress aspxfilemanager control for webforms and mvc 10.2.3
devexpress aspxfilemanager control for webforms and mvc 11.1.12
devexpress aspxfilemanager control for webforms and mvc 11.1.5
devexpress aspxfilemanager control for webforms and mvc 11.1.4
devexpress aspxfilemanager control for webforms and mvc 11.2.7
devexpress aspxfilemanager control for webforms and mvc 11.2.5
devexpress aspxfilemanager control for webforms and mvc 12.1.12
devexpress aspxfilemanager control for webforms and mvc 10.2.8
devexpress aspxfilemanager control for webforms and mvc 10.2.6
devexpress aspxfilemanager control for webforms and mvc 11.1.9
devexpress aspxfilemanager control for webforms and mvc 11.1.8
devexpress aspxfilemanager control for webforms and mvc 11.2.12
devexpress aspxfilemanager control for webforms and mvc 11.2.11
devexpress aspxfilemanager control for webforms and mvc 10.2.5
devexpress aspxfilemanager control for webforms and mvc 10.2.4
devexpress aspxfilemanager control for webforms and mvc 11.1.7
devexpress aspxfilemanager control for webforms and mvc 11.1.6
devexpress aspxfilemanager control for webforms and mvc 11.2.10
devexpress aspxfilemanager control for webforms and mvc 11.2.8
devexpress aspxfilemanager control for webforms and mvc 12.1.7
devexpress aspxfilemanager control for webforms and mvc 12.1.6
devexpress aspxfilemanager control for webforms and mvc 12.2.11
devexpress aspxfilemanager control for webforms and mvc 12.2.10
devexpress aspxfilemanager control for webforms and mvc 13.1.8
devexpress aspxfilemanager control for webforms and mvc 13.1.7
devexpress aspxfilemanager control for webforms and mvc 12.2
devexpress aspxfilemanager control for webforms and mvc 12.1
devexpress aspxfilemanager control for webforms and mvc 10.2.11
devexpress aspxfilemanager control for webforms and mvc 10.2.10
devexpress aspxfilemanager control for webforms and mvc 10.2.9
devexpress aspxfilemanager control for webforms and mvc 11.1.11
devexpress aspxfilemanager control for webforms and mvc 11.1.10
devexpress aspxfilemanager control for webforms and mvc 11.2.14
devexpress aspxfilemanager control for webforms and mvc 11.2.13
devexpress aspxfilemanager control for webforms and mvc 12.1.11
devexpress aspxfilemanager control for webforms and mvc 12.1.10
devexpress aspxfilemanager control for webforms and mvc 12.2.16
devexpress aspxfilemanager control for webforms and mvc 12.2.15
devexpress aspxfilemanager control for webforms and mvc 12.2.6
devexpress aspxfilemanager control for webforms and mvc 12.2.5
devexpress aspxfilemanager control for webforms and mvc 13.2.8
devexpress aspxfilemanager control for webforms and mvc 13.2.7
devexpress aspxfilemanager control for webforms and mvc 10.2
devexpress aspxfilemanager control for webforms and mvc 13.1
devexpress aspxfilemanager control for webforms and mvc 12.1.9
devexpress aspxfilemanager control for webforms and mvc 12.1.8
devexpress aspxfilemanager control for webforms and mvc 12.2.13
devexpress aspxfilemanager control for webforms and mvc 12.2.12
devexpress aspxfilemanager control for webforms and mvc 12.2.4
devexpress aspxfilemanager control for webforms and mvc
devexpress aspxfilemanager control for webforms and mvc 13.2.6
devexpress aspxfilemanager control for webforms and mvc 13.2.5
devexpress aspxfilemanager control for webforms and mvc 13.2
devexpress aspxfilemanager control for webforms and mvc 12.1.5
devexpress aspxfilemanager control for webforms and mvc 12.1.4
devexpress aspxfilemanager control for webforms and mvc 12.2.8
devexpress aspxfilemanager control for webforms and mvc 12.2.7
devexpress aspxfilemanager control for webforms and mvc 13.1.6
devexpress aspxfilemanager control for webforms and mvc 13.1.5
devexpress aspxfilemanager control for webforms and mvc 13.1.4
devexpress aspxfilemanager control for webforms and mvc 11.2
devexpress aspxfilemanager control for webforms and mvc 11.1

Advisory: Directory Traversal in DevExpress ASPNET File Manager During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASPNET File Manager and File Upload Attackers are able to read arbitrary files by specifying a relative path Details ======= Product: DevExpress ASPxFileManager Control for ...

DevExpress ASPNET File Manager versions 102 through 1328 suffer from a directory traversal vulnerability ...

CWE-22 http://www.securityfocus.com/bid/67902 https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager http://seclists.org/fulldisclosure/2014/Jun/24 http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2 http://osvdb.org/show/osvdb/107742 http://www.exploit-db.com/exploits/33700 http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html http://www.securityfocus.com/archive/1/532304/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/33700/

CVE-2014-2575

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect