Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Telerik Web UI Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2014-2217 - Vulnerability Database
Telerik Web UI

Telerik Web UI Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2014-2217

High
Reference: CVE-2014-2217
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-2217
Title: Telerik Web UI Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files and consequently execute arbitrary code via a full pathname in the UploadID metadata value.