Path Traversal Vulnerability in Telerik UI for ASP.NET AJAX
CVE-2014-2217

Currently unrated

Key Information:

Vendor: Telerik
Status: Ui For Asp.net Ajax
Vendor: CVE Published:; 25 December 2014

What is CVE-2014-2217?

The Telerik UI for ASP.NET AJAX prior to Q3 2012 SP2 is susceptible to an absolute path traversal vulnerability in the RadAsyncUpload control. This flaw enables remote attackers to manipulate the UploadID metadata to specify arbitrary paths, leading to unauthorized file writes on the server. If exploited, this could allow attackers to execute arbitrary code, potentially compromising the entire system's integrity.

References

http://itq.nl/arbitrary-file-write-in-telerik-ui-for-asp-...

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 25, 2014
Vulnerability Reserved
Feb 26, 2014