Description
Brian Cardinale reported a file upload directory traversal vulnerability that affects AjaxControlToolkit versions prior to 15.1. On a poorly configured web server this vulnerability can lead to remote code execution. The flaw was introduced in version 7.429, which was released on April 30, 2013. The latest vulnerable version is 7.1213.
List of vulnerable versions:
- 7.1213.0
- 7.1005.0
- 7.1002.0
- 7.930.0
- 7.725.0
- 7.607.0
- 7.429.0
Remediation
It's recommended to upgrade to the latest version of AjaxControlToolkit.
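The defect class behind this advisory, a client-supplied file name joined straight onto an upload directory, shown beside a hardened version that confines the resolved path to the upload root. This is an added C# illustration, not code from AjaxControlToolkit; the class, method and directory names are assumptions.

```csharp
using System;
using System.IO;

// Added example (not AjaxControlToolkit code): the upload-path defect class this advisory
// describes, beside a hardened version. Class and method names are assumptions.
public static class UploadPathDemo
{
    // Vulnerable pattern: the client-supplied name is joined onto the upload root unchecked.
    // A name carrying ".." segments or a separator escapes the intended folder.
    public static string VulnerableTarget(string uploadRoot, string clientFileName)
    {
        return Path.Combine(uploadRoot, clientFileName);
    }

    // Hardened pattern: keep only the leaf name, reject anything that is not a plain
    // file name, then verify the fully resolved path still lies under the upload root.
    public static string SafeTarget(string uploadRoot, string clientFileName)
    {
        if (string.IsNullOrWhiteSpace(clientFileName))
            throw new ArgumentException("empty file name");

        // Path.GetFileName drops any directory component; if that changed the name,
        // the client sent a path rather than a file name.
        string leaf = Path.GetFileName(clientFileName);
        if (leaf != clientFileName || leaf.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("file name contains path separators or invalid characters");

        // Normalise the root with a trailing separator so the prefix check cannot be
        // fooled by a sibling directory that merely shares a name prefix.
        string root = Path.GetFullPath(uploadRoot).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, leaf));

        // Final containment check: also rejects "." and "..", which pass the leaf check
        // but resolve outside (or to) the root itself.
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("resolved path escapes the upload directory");

        return full;
    }
}
```

Confining the path stops the traversal; preventing the remote code execution the advisory mentions additionally requires that the upload directory is not served as executable content and that file extensions are allow-listed.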