CVE-2014-2575

NONE EPSS 94.6%
Published Jun 6, 2014 12y ago
Last Modified Jun 17, 2026 2w ago

Description

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.

Threat Intelligence

EPSS Exploit Probability
94.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 62

Vendor | Product | Version | Range
devexpress | aspxfilemanager_control_for_webforms_and_mvc | * | ≤13.1.9
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.3 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.4 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.5 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.6 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.8 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.9 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.10 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.11 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.4 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.5 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.6 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.7 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.8 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.9 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.10 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.11 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.12 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.5 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.7 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.8 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.10 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.11 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.12 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.13 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.14 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.4 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.5 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.6 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.7 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.8 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.9 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.10 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.11 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.12 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.4 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.5 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.6 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.7 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.8 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.10 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.11 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.12 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.13 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.15 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.16 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.4 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.5 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.6 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.7 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.8 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2.5 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2.6 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2.7 | any
devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2.8 | any

References 8

  • osvdb.org http://osvdb.org/show/osvdb/107742
  • packetstormsecurity.com http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html
  • seclists.org http://seclists.org/fulldisclosure/2014/Jun/24
    Exploit
  • security.devexpress.com http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2
    Vendor Advisory
  • exploit-db.com http://www.exploit-db.com/exploits/33700
  • securityfocus.com http://www.securityfocus.com/archive/1/532304/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/67902
  • redteam-pentesting.de https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager
    Exploit

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.