PT-2019-15960 · Telerik · Telerik UI for ASP.NET AJAX

Movrment · Published 2019-12-13 · Updated 2025-06-30 · CVE-2019-19790

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Telerik UI for ASP.NET AJAX (all versions of RadChart)

Description

The issue allows a remote attacker to read and delete specific image files on the server through a specially crafted request, exploiting path traversal in RadChart. The affected image extensions include .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, and .WMF.

Recommendations

To resolve the issue, remove RadChart's HTTP handler, registered with the type Telerik.Web.UI.ChartHttpHandler, from the web.config file.
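
One way to audit a site against the recommendation above, as an added example that is not part of the original advisory or Telerik's own code: the script finds and strips registrations of Telerik.Web.UI.ChartHttpHandler in a web.config. The sample config, its handler paths, names and version, and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

VULNERABLE_TYPE = "Telerik.Web.UI.ChartHttpHandler"  # type named in the advisory

# Constructed sample web.config (paths, names and version are illustrative).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <httpHandlers>
      <add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" />
      <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
    </httpHandlers>
  </system.web>
  <location path="reports">
    <system.webServer>
      <handlers>
        <add name="ChartImage_axd" path="ChartImage.axd" verb="*" preCondition="integratedMode"
             type="Telerik.Web.UI.ChartHttpHandler, Telerik.Web.UI, Version=0.0.0.0" />
      </handlers>
    </system.webServer>
  </location>
</configuration>
"""

def _is_chart_handler(type_attr):
    # The type may be assembly-qualified ("Type, Assembly, Version=..."); compare the type name only.
    return type_attr.split(",")[0].strip().lower() == VULNERABLE_TYPE.lower()

def _registrations(root):
    # Classic pipeline uses <httpHandlers>, IIS integrated mode uses <handlers>; check both.
    for section in ("httpHandlers", "handlers"):
        for parent in list(root.iter(section)):
            for add in list(parent.findall("add")):
                if _is_chart_handler(add.get("type", "")):
                    yield section, parent, add

def find_chart_handlers(config_xml):
    """Return (section, path) for each registration of the RadChart handler."""
    root = ET.fromstring(config_xml)
    return [(s, add.get("path", "")) for s, _, add in _registrations(root)]

def remove_chart_handlers(config_xml):
    """Return the config with those registrations removed (ElementTree drops XML comments)."""
    root = ET.fromstring(config_xml)
    for _, parent, add in _registrations(root):
        parent.remove(add)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(find_chart_handlers(SAMPLE_WEB_CONFIG))
```

Run the check against every web.config in the site tree, since a nested configuration file or a location element can register the handler again after it has been removed at the root.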

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-19790

Affected Products

Telerik UI for ASP.NET AJAX