CVE-2014-2575

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
devexpressaspxfilemanager_control_for_webforms_and_mvc
𝑥
≤ 13.1.9
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2.3
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2.4
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2.5
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2.6
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2.8
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2.9
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2.10
devexpressaspxfilemanager_control_for_webforms_and_mvc
10.2.11
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.4
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.5
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.6
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.7
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.8
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.9
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.10
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.11
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.1.12
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2.5
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2.7
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2.8
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2.10
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2.11
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2.12
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2.13
devexpressaspxfilemanager_control_for_webforms_and_mvc
11.2.14
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.4
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.5
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.6
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.7
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.8
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.9
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.10
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.11
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.1.12
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.4
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.5
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.6
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.7
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.8
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.10
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.11
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.12
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.13
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.15
devexpressaspxfilemanager_control_for_webforms_and_mvc
12.2.16
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.1
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.1.4
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.1.5
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.1.6
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.1.7
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.1.8
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.2
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.2.5
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.2.6
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.2.7
devexpressaspxfilemanager_control_for_webforms_and_mvc
13.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/show/osvdb/107742
http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html
http://seclists.org/fulldisclosure/2014/Jun/24
http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2
http://www.exploit-db.com/exploits/33700
http://www.securityfocus.com/archive/1/532304/100/0/threaded
http://www.securityfocus.com/bid/67902
https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager
http://osvdb.org/show/osvdb/107742
http://packetstormsecurity.com/files/126953/DevExpress-ASP.NET-File-Manager-13.2.8-Directory-Traversal.html
http://seclists.org/fulldisclosure/2014/Jun/24
http://security.devexpress.com/de7c4756/?id=ff8c1703126f4717993ac3608a65a2e2
http://www.exploit-db.com/exploits/33700
http://www.securityfocus.com/archive/1/532304/100/0/threaded
http://www.securityfocus.com/bid/67902
https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-006/-directory-traversal-in-devexpress-asp-net-file-manager