CVE-2015-4670 Information
Feb 14, 2021
cve
Description
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.
Reference
http://www.cardinaleconcepts.com/cve-2015-4670-directory-traversal-to-remote-code-execution-in-ajaxcontroltoolkit/ http://www.securityfocus.com/archive/1/535990/100/0/threaded
Share on: