What is CVE-2014-2217?

CVE-2014-2217 is a vulnerability in Progress Telerik_ui_for_asp.net_ajax, classified under Path Traversal. Published 2014-12-25.

Is CVE-2014-2217 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Progress Telerik_ui_for_asp.net_ajax

CVE-2014-2217

Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a fu…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.018 (83.0th percentile) — read the EPSS interpretation.

Affected products

Progress Telerik_ui_for_asp.net_ajax
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

mcgyver5/scrap_

References

cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-2217?: CVE-2014-2217 is a vulnerability in Progress Telerik_ui_for_asp.net_ajax, classified under Path Traversal. Published 2014-12-25.
Is CVE-2014-2217 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.