Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) prior to 15.1 allows remote malicious users to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
devexpress ajax control toolkit |