Telerik Ui For Asp Net Ajax
CVE-2014-2217
HIGH
Severity by source
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.
AnalysisAI
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value. Affected products include: Progress Telerik Ui For Asp.Net Ajax.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Telerik Ui For Asp Net Ajax
View allAn issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. Rated critical severity (CVSS 9.8), this vul
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with exte
Remote code execution in Progress Telerik UI for ASP.NET AJAX via insecure deserialization in the RadFilter control allo
In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may
Uncontrolled resource consumption in Progress Telerik UI for AJAX RadAsyncUpload component allows remote unauthenticated
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today