Path Traversal Vulnerability in Telerik UI for ASP.NET AJAX RadChart
CVE-2019-19790

9.8 CRITICAL

Key Information:

Vendor: Telerik
CVE Published: 13 December 2019

What is CVE-2019-19790?

A path traversal vulnerability exists in the RadChart component of Telerik UI for ASP.NET AJAX that remote attackers can exploit through specially crafted requests. The flaw permits unauthorized access to sensitive image files on the server, including formats such as .BMP, .EXIF, .GIF, .JPEG, .PNG, and others. Because RadChart has been discontinued since 2014 in favor of RadHtmlChart, users should take immediate action by removing RadChart's HTTP handler from their web.config to safeguard their applications.
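
One way to audit a web.config for the handler that the description says to remove, as an added example that is not Telerik's code or part of the original advisory. The handler type name `Telerik.Web.UI.ChartHttpHandler`, the `ChartImage.axd` path and the sample web.config are assumptions that are not stated on this page.

```python
import xml.etree.ElementTree as ET

# Assumption: the handler type name is not given on this page.
CHART_HANDLER_TYPE = "telerik.web.ui.charthttphandler"
HANDLER_SECTIONS = ("httpHandlers", "handlers")  # classic and integrated pipeline

# Constructed sample web.config for the demonstration.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <httpHandlers>
      <add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
      <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
    </httpHandlers>
  </system.web>
  <system.webServer>
    <handlers>
      <add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler, Telerik.Web.UI" verb="*" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</configuration>"""

def _is_radchart_add(element):
    # The type attribute may carry an assembly suffix ("Type, Assembly").
    type_name = element.get("type", "").split(",")[0].strip().lower()
    return element.tag == "add" and type_name == CHART_HANDLER_TYPE

def find_radchart_handlers(config_xml):
    """Return (section, path) for each registration of the RadChart handler."""
    root = ET.fromstring(config_xml)
    return [(section.tag, child.get("path", ""))
            for section in root.iter() if section.tag in HANDLER_SECTIONS
            for child in section if _is_radchart_add(child)]

def remove_radchart_handlers(config_xml):
    """Return the config with those registrations removed (XML comments are dropped)."""
    root = ET.fromstring(config_xml)
    for section in list(root.iter()):
        if section.tag in HANDLER_SECTIONS:
            for child in [c for c in section if _is_radchart_add(c)]:
                section.remove(child)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("before:", find_radchart_handlers(SAMPLE_WEB_CONFIG))
    print("after: ", find_radchart_handlers(remove_radchart_handlers(SAMPLE_WEB_CONFIG)))
```

Both the `system.web/httpHandlers` and `system.webServer/handlers` sections are checked because a site can register the handler in either or both, and leaving one registration in place keeps the endpoint reachable.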

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
