Security issue in ImageEditor that allows saving the image in an up-level folder

Thread is closed for posting
1 posts, 0 answers
  1. Telerik Admin
    Telerik Admin avatar
    1572 posts
    Member since:
    Oct 2004

    Posted 26 Feb 2014 Link to this post

    The RadImageEditor control allowed saving image files (.png/.jpg/.gif) to an up-level folder on the server when the built-in storing of files is used. This issue did not affect implementations based on the content provider paragidm. It has been fixed since the Q1 2014 release of Telerik UI for ASP.NET AJAX (version 2014.1.225).

    If you are using an older version of the controls and you do not wish to upgrade, there are two approaches that you can take in order to resolve the security issue:

Back to Top