cbcvebase.
CVE-2014-2217
published 2014-12-25

CVE-2014-2217: Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote…

PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.72%
88.4th percentile
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value.

Affected

2 ranges
VendorProductVersion rangeFixed in
gfiarchiver< 15.215.2
progresstelerik_ui_for_asp.net_ajax<= 2014.3.1209
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.