CVE-2014-2575
NONE EPSS 94.6%
Published: Jun 6, 2014
Last Modified: Jun 17, 2026
Description
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
Threat Intelligence
EPSS Exploit Probability
94.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-22: Path Traversal (Resource Mgmt)
Affected Products 62
| Vendor | Product | Version | Range |
|---|---|---|---|
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | * | ≤13.1.9 |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.3 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.4 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.5 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.6 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.8 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.9 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.10 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 10.2.11 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.4 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.5 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.6 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.7 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.8 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.9 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.10 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.11 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.1.12 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.5 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.7 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.8 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.10 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.11 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.12 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.13 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 11.2.14 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.4 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.5 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.6 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.7 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.8 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.9 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.10 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.11 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.1.12 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.4 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.5 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.6 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.7 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.8 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.10 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.11 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.12 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.13 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.15 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 12.2.16 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.4 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.5 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.6 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.7 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.1.8 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2.5 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2.6 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2.7 | any |
| devexpress | aspxfilemanager_control_for_webforms_and_mvc | 13.2.8 | any |
References 8
- osvdb.org http://osvdb.org/show/osvdb/107742
- packetstormsecurity.com http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html
- seclists.org http://seclists.org/fulldisclosure/2014/Jun/24
- security.devexpress.com http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2
- exploit-db.com http://www.exploit-db.com/exploits/33700
- securityfocus.com http://www.securityfocus.com/archive/1/532304/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/67902
- redteam-pentesting.de https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.