CVE-2014-2575

Name of the Vulnerable Software and Affected Versions DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC versions prior to 13.1.10 DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC versions 13.2.x prior to 13.2.9

Description The issue allows remote authenticated users to read or write arbitrary files. This is achieved by exploiting a directory traversal vulnerability in the File Manager component via a .. (dot dot) in the EVENTARGUMENT parameter.

Recommendations For versions prior to 13.1.10, update to version 13.1.10 or later. For versions 13.2.x prior to 13.2.9, update to version 13.2.9 or later.