Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dev-editor | Dev-editor | 2.0 (including) | 2.0 (including) |
| Dev-editor | Dev-editor | 2.1 (including) | 2.1 (including) |
| Dev-editor | Dev-editor | 2.1a (including) | 2.1a (including) |
| Dev-editor | Dev-editor | 2.2a (including) | 2.2a (including) |
| Dev-editor | Dev-editor | 2.3 (including) | 2.3 (including) |
| Dev-editor | Dev-editor | 2.3.1 (including) | 2.3.1 (including) |
| Dev-editor | Dev-editor | 2.3.2 (including) | 2.3.2 (including) |
| Dev-editor | Dev-editor | 3.0 (including) | 3.0 (including) |