AjaxControlToolkit is vulnerable to a directory traversal. When a file is uploaded, a GUID fileId containing a temporary path is generated. This GUID is not validated, which allows an attacker to modify the path to contain ../ characters and write the uploaded file to arbitrary locations on the file system. This could lead to remote code execution if a .aspx file is written to a web directory.
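
One way to enforce the validation described as missing above, shown as an added example that is not AjaxControlToolkit's own code or its actual fix. The names UploadPathGuard, ResolveUploadDir and tempRoot are hypothetical, and the sample inputs are constructed.

```csharp
using System;
using System.IO;

// Added illustration, not AjaxControlToolkit code. UploadPathGuard,
// ResolveUploadDir and tempRoot are hypothetical names.
public static class UploadPathGuard
{
    public static string ResolveUploadDir(string tempRoot, string fileId)
    {
        // 1. Accept only the canonical hyphenated GUID form ("D").
        if (!Guid.TryParseExact(fileId, "D", out Guid id))
            throw new ArgumentException("fileId is not a GUID", nameof(fileId));

        // 2. Build the path from the parsed value, never from the raw string.
        string root = Path.GetFullPath(tempRoot)
            .TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        string candidate = Path.GetFullPath(Path.Combine(root, id.ToString("D")));

        // 3. Defence in depth: the canonical path must stay under the root.
        //    Case-insensitive comparison assumes a Windows file system.
        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("path escapes upload root");
        return candidate;
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "upload-demo");
        // Constructed sample values, not taken from any real request.
        string[] samples =
        {
            "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
            "../../outside",
            "3f2504e0-4f89-11d3-9a0c-0305e82c3301/../../outside",
        };
        foreach (string s in samples)
        {
            try
            {
                Console.WriteLine("accepted: " + ResolveUploadDir(root, s));
            }
            catch (Exception e) when (e is ArgumentException || e is UnauthorizedAccessException)
            {
                Console.WriteLine("rejected: " + s + " (" + e.Message + ")");
            }
        }
    }
}
```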

CPE

Name | Operator | Version |
---|---|---|
ajaxcontroltoolkit | le | 8.0.0 |