Devexpress : Security Vulnerabilities, CVEs, Published In 2015 (Directory traversal)
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.
Max CVSS
6.4
EPSS Score
0.40%
Published
2015-08-18
Updated
2018-10-09
1 vulnerabilities found