CVE-2020-11414

Published: Mar 31, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.telerik.com/devtools/silverlight/controls/radupload/how-to/secure-upload-file-path

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11414

Description

Affected Products

References