CVE-2020-11414

HIGH

Telerik UI for Silverlight < 2020.1.330 - Path Traversal via RadUploadHandler

Title source: llm
STIX 2.1

Description

An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0104
EPSS Percentile 59.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (1)
telerik/ui_for_silverlight < 2020.1.330
Published Mar 31, 2020
Tracked Since Feb 18, 2026