Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DevExpress AJAX Control Toolkit 目录遍历漏洞
Vulnerability Description
DevExpress AJAX Control Toolkit(又名AjaxControlToolkit)是美国DevExpress公司的一个ASP.NET WebForms的扩展控件工具包。 DevExpress AJAX Control Toolkit 15.1之前版本的AjaxFileUpload控件中存在目录遍历漏洞,该漏洞源于AjaxFileUploadHandler.axd文件没有充分过滤‘fileId’参数。远程攻击者可借助目录遍历字符‘..’利用该漏洞写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A