PT-2020-12600 · Progress · Telerik UI for Silverlight

Published 2020-03-31 · Updated 2020-04-02 · CVE-2020-11414

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Progress Telerik UI for Silverlight, versions prior to 2020.1.330

Description: An issue was discovered in the RadUploadHandler class in RadUpload for Silverlight, where a crafted web request could result in uploads to arbitrary locations. The file location used for an upload is expected to be inside the directory where the upload handler class is defined, but before version 2020.1.330 this expectation could be bypassed. The CVSS vector reflects an unauthenticated, network-reachable write (PR:N, I:H) with no confidentiality or availability impact scored.

Recommendations: For versions prior to 2020.1.330, update to version 2020.1.330 or later to resolve the issue. As a temporary workaround, restrict access to the endpoint that exposes the RadUploadHandler class (for example, by requiring authentication or limiting it at the web server) to minimize the risk of exploitation.
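The flaw described above is the classic upload-handler path traversal: a client-controlled folder or file name is joined onto the handler's directory and the result is never checked. The snippet below is an added illustration of that pattern and its hardened form; it is not Telerik's RadUploadHandler code and nothing in it comes from the product. The root directory "/srv/app/uploads", the argument names and the sample request values are all constructed for the example.

```python
import os

# Constructed example, not the vendor's implementation. The handler is assumed to
# live in upload_root and must never write outside it.


def vulnerable_target(upload_root, target_folder, file_name):
    """The flawed pattern: client-supplied folder and file name are joined onto the
    handler directory with no check on where the result actually lands.
    os.path.join keeps '..' components and discards everything before an
    absolute component, so both "../../x" and "/etc" escape the root."""
    return os.path.join(upload_root, target_folder, file_name)


def safe_target(upload_root, target_folder, file_name):
    """Hardened pattern: reject obviously bad names, canonicalise the candidate
    path (symlinks and '..' included) and confirm it is still inside the root
    before any filesystem write happens."""
    root = os.path.realpath(upload_root)

    # A file name must be a single path component: no separators, no '.'/'..'.
    # Backslash is checked explicitly because IIS-hosted handlers run on Windows.
    if (not file_name or file_name in (".", "..")
            or any(sep in file_name for sep in ("/", "\\"))):
        raise ValueError("invalid file name: %r" % file_name)

    # An absolute folder would make os.path.join throw the root away.
    if os.path.isabs(target_folder) or target_folder.startswith("\\"):
        raise ValueError("absolute target folder rejected: %r" % target_folder)

    candidate = os.path.realpath(os.path.join(root, target_folder, file_name))

    # commonpath compares whole components, so "/srv/app/uploads_evil" does not
    # pass as a child of "/srv/app/uploads" the way a plain startswith() would.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes upload directory: %r" % candidate)
    return candidate


def is_contained(upload_root, target_folder, file_name):
    """Convenience wrapper: True when safe_target accepts the request."""
    try:
        safe_target(upload_root, target_folder, file_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    root = "/srv/app/uploads"
    # Constructed request values: one benign, three traversal attempts.
    for folder, name in [("images", "cat.png"),
                         ("../../../etc", "passwd"),
                         ("/etc", "passwd"),
                         ("../uploads_evil", "shell.aspx")]:
        print("%-20s %-10s naive=%s contained=%s" % (
            folder, name, vulnerable_target(root, folder, name),
            is_contained(root, folder, name)))
```

The check is done on the canonicalised path rather than on the raw request strings, so encoded or doubled separators that a framework decodes before the handler sees them are still caught at the point that matters: the final path passed to the file API.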

Fix · Path traversal


Weakness Enumeration

Related Identifiers

CVE-2020-11414

Affected Products

RadUpload
Telerik UI for Silverlight