The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows malicious users to access the application source code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
devexpress asp.net web forms controls 19.2.3 |