Directory traversal

2014-06-0614:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.3%

JSON

Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a … (dot dot) in the __EVENTARGUMENT parameter.

CPENameOperatorVersion
aspxfilemanager_control_for_webforms_and_mvceq11.1.5
aspxfilemanager_control_for_webforms_and_mvceq11.1.7
aspxfilemanager_control_for_webforms_and_mvceq12.2
aspxfilemanager_control_for_webforms_and_mvceq11.2.13
aspxfilemanager_control_for_webforms_and_mvcle13.1.9
aspxfilemanager_control_for_webforms_and_mvceq12.1.4
aspxfilemanager_control_for_webforms_and_mvceq12.1.7
aspxfilemanager_control_for_webforms_and_mvceq10.2.10
aspxfilemanager_control_for_webforms_and_mvceq11.2.11
aspxfilemanager_control_for_webforms_and_mvceq13.2.5

Name	Operator	Version
aspxfilemanager_control_for_webforms_and_mvc	eq	11.1.5
aspxfilemanager_control_for_webforms_and_mvc	eq	11.1.7
aspxfilemanager_control_for_webforms_and_mvc	eq	12.2
aspxfilemanager_control_for_webforms_and_mvc	eq	11.2.13
aspxfilemanager_control_for_webforms_and_mvc	le	13.1.9
aspxfilemanager_control_for_webforms_and_mvc	eq	12.1.4
aspxfilemanager_control_for_webforms_and_mvc	eq	12.1.7
aspxfilemanager_control_for_webforms_and_mvc	eq	10.2.10
aspxfilemanager_control_for_webforms_and_mvc	eq	11.2.11
aspxfilemanager_control_for_webforms_and_mvc	eq	13.2.5