CVE-2019-19790

9.8 CRITICAL

📋 TL;DR

CVE-2019-19790 is a path traversal vulnerability in the RadChart component of Telerik UI for ASP.NET AJAX. Unauthenticated remote attackers can read and delete image files on the server by sending crafted requests to the chart image handler (Telerik.Web.UI.ChartImage.axd). Every version of RadChart is affected; the component was discontinued in 2014, so there is no patched build. Any ASP.NET application whose web.config still registers the handler is exposed, whether or not a RadChart control is actually used on a page, because the handler registration alone makes the endpoint reachable.

💻 Affected Systems

Products:
  • Telerik UI for ASP.NET AJAX RadChart
Versions: All versions
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: RadChart was discontinued in 2014. All installations using the default ChartHttpHandler configuration are vulnerable.

📦 What is this software?

Telerik UI for ASP.NET AJAX is a commercial suite of ASP.NET WebForms controls. RadChart is its legacy server-rendered charting control: the chart is drawn as an image on the server and returned to the browser through a dedicated HTTP handler, Telerik.Web.UI.ChartHttpHandler, which web.config maps to the path Telerik.Web.UI.ChartImage.axd. Telerik discontinued RadChart in 2014 in favour of the client-rendered RadHtmlChart, so the remedy is to unregister the handler and migrate, not to upgrade.
⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers delete image files anywhere on the server that the application pool identity can reach through traversal from the handler's base directory, taking application images and uploads offline, or read image files outside the web root that were never meant to be web-accessible (scanned documents, ID photos, exported report graphics). The handler is limited to image files, so this is not arbitrary file read or delete, but it is unauthenticated and requires only a single request per file.

🟠

Likely Case

Attackers enumerate and read or delete web-accessible image files, exposing sensitive images or defacing the site by removing the graphics it depends on.

🟢

If Mitigated

If the vulnerable handler is removed, no impact occurs as the attack vector is eliminated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is a single unauthenticated HTTP GET to Telerik.Web.UI.ChartImage.axd with a traversal sequence (../, ..\ or their URL-encoded forms) in the parameter that names the image to serve. No session, credentials or user interaction is needed, and the handler responds with the file contents or deletes it, so a scanner can sweep many hosts quickly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A (RadChart is discontinued; no fixed build exists and no version upgrade removes the issue)

Vendor Advisory: https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler

Restart Required: No

Instructions:

1. Find every web.config in the site, including sub-applications, that registers the RadChart handler. The registration looks like <add verb="*" path="Telerik.Web.UI.ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" validate="false" /> under <system.web><httpHandlers> (classic pipeline); sites running under the IIS integrated pipeline carry a second copy under <system.webServer><handlers> that must be removed as well.
2. Remove the registration from both sections and save the file. Removing the handler takes effect without restarting IIS, but any page still hosting a RadChart control will stop rendering chart images.
3. Migrate those pages to RadHtmlChart, which Telerik recommends as the replacement and which does not use the image handler.

🔧 Temporary Workarounds

Remove ChartHttpHandler from web.config

windows

Eliminates the vulnerable endpoint by removing the HTTP handler registration

Edit web.config and remove: <add verb="*" path="Telerik.Web.UI.ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" validate="false" />

🧯 If You Can't Patch

  • Implement WAF rules for Telerik.Web.UI.ChartImage.axd: block the path outright if no page still uses RadChart, otherwise block requests whose query contains a traversal step in any form (../, ..\, %2e%2e, %2f, %5c and double-encoded variants)
  • Restrict network access to affected systems and monitor for suspicious file operations

🔍 How to Verify

Check if Vulnerable:

Search every web.config in the site (root and sub-applications) for Telerik.Web.UI.ChartHttpHandler, in both <system.web><httpHandlers> and <system.webServer><handlers>. Any match means the endpoint is live, even if no page renders a RadChart.

Check Version:

Not a useful discriminator: every RadChart version is affected, so the test is whether the handler is registered in web.config, not which Telerik.Web.UI assembly version is deployed.

Verify Fix Applied:

Confirm Telerik.Web.UI.ChartHttpHandler is gone from every handler section of every web.config, then send an unauthenticated GET to /Telerik.Web.UI.ChartImage.axd: with the handler unregistered ASP.NET returns 404 instead of a chart image or a handler error.
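The web.config check described under "How to Verify" and the removal described under "Official Fix" and "Temporary Workarounds" are the same operation applied to the same two handler sections, so one script covers both. This is an added example written for this page, not Telerik tooling: it parses a web.config, reports every collection that still registers ChartHttpHandler, and rewrites the file with those entries removed. The sample web.config is constructed; the name attribute of the integrated-mode entry ("ChartImage_axd") is an assumed value, and the match is made on the handler type and .axd path, not on that name.

```python
"""Audit a web.config for the RadChart image handler and unregister it.

Added example for this page; not Telerik tooling. It looks in both places
ASP.NET can register a handler: <system.web><httpHandlers> (classic
pipeline) and <system.webServer><handlers> (IIS integrated pipeline).
The sample web.config below is constructed; the integrated-mode entry's
name attribute ("ChartImage_axd") is an assumed value.
"""
import shutil
import sys
import xml.etree.ElementTree as ET
from typing import Iterator, List, Tuple

HANDLER_TYPE = "Telerik.Web.UI.ChartHttpHandler"
HANDLER_PATH = "Telerik.Web.UI.ChartImage.axd"

# (section tag, collection tag) pairs where ASP.NET handler registrations live
HANDLER_SECTIONS = (("system.web", "httpHandlers"), ("system.webServer", "handlers"))

# Constructed sample: a site that registers the handler in both pipelines
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <httpHandlers>
      <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" validate="false" />
      <add verb="*" path="Telerik.Web.UI.ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" validate="false" />
    </httpHandlers>
  </system.web>
  <system.webServer>
    <handlers>
      <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource" verb="*" preCondition="integratedMode" />
      <add name="ChartImage_axd" path="Telerik.Web.UI.ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler, Telerik.Web.UI" verb="*" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</configuration>
"""


def _is_chart_handler(add: ET.Element) -> bool:
    """True if an <add> maps the chart image handler, by type or by path.

    The type attribute may be assembly-qualified ("Type, Assembly"), so only
    the part before the first comma is compared.
    """
    type_name = add.get("type", "").split(",")[0].strip()
    path = add.get("path", "").strip().lower()
    return type_name == HANDLER_TYPE or path.endswith(HANDLER_PATH.lower())


def _handler_collections(root: ET.Element) -> Iterator[Tuple[str, ET.Element]]:
    """Yield (label, collection element) for every handler collection present."""
    for section_tag, collection_tag in HANDLER_SECTIONS:
        for section in root.iter(section_tag):
            for collection in section.iter(collection_tag):
                yield f"{section_tag}/{collection_tag}", collection


def find_chart_handlers(config_xml: str) -> List[str]:
    """Return the collections that still register ChartHttpHandler (empty = not exposed)."""
    root = ET.fromstring(config_xml)
    return [
        label
        for label, collection in _handler_collections(root)
        for add in collection.findall("add")
        if _is_chart_handler(add)
    ]


def remove_chart_handlers(config_xml: str) -> Tuple[str, int]:
    """Return (rewritten xml, number of registrations removed)."""
    root = ET.fromstring(config_xml)
    removed = 0
    for _label, collection in _handler_collections(root):
        for add in list(collection.findall("add")):  # copy: the loop mutates the parent
            if _is_chart_handler(add):
                collection.remove(add)
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed


def remediate_file(path: str) -> int:
    """Back up web.config to <path>.bak and strip the handler in place; returns count removed."""
    with open(path, encoding="utf-8-sig") as fh:  # utf-8-sig tolerates a BOM
        original = fh.read()
    new_xml, removed = remove_chart_handlers(original)
    if removed:
        shutil.copyfile(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write('<?xml version="1.0" encoding="utf-8"?>\n' + new_xml + "\n")
    return removed


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
        print(f"removed {remediate_file(target)} ChartHttpHandler registration(s) from {target}")
    else:
        print("sample registers the handler in:", find_chart_handlers(SAMPLE_WEB_CONFIG))
        print("registrations removed from sample:", remove_chart_handlers(SAMPLE_WEB_CONFIG)[1])
```

Run it with no arguments to see the audit against the constructed sample, or with a path to a real web.config to rewrite that file (a .bak copy is kept). ElementTree re-serializes the whole document, so diff the result against the backup before deploying, and run the audit on each sub-application's web.config as well, since handler registrations can appear at any level.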

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to Telerik.Web.UI.ChartImage.axd whose query string contains a traversal step in plain (../ or ..\), URL-encoded (%2e%2e, ..%2f, ..%5c) or double-encoded (%252e%252e) form
  • Image files disappearing from the web root or from directories the application identity can write to, or unusual file read/delete operations in application logs, correlated with requests to the handler

Network Indicators:

  • Unauthenticated GET requests to ChartImage.axd from a single source naming many different image paths, especially paths that climb out of the chart image directory

SIEM Query:

source="web_server" AND uri="*ChartImage.axd*" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e*" OR uri="*..%2f*" OR uri="*..%5c*" OR uri="*%252e%252e*")
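The SIEM query above matches literal strings, which misses mixed-case and multiply encoded traversal sequences. The following is an added detection example written for this page (not from the advisory) that runs the same logic over IIS W3C log lines with full decoding: it percent-decodes the query string until it stops changing, normalizes backslashes to forward slashes, and flags any request for ChartImage.axd that still contains "../". The log lines are constructed; the "ImageName" and "UseSession" parameter names in them are assumptions, and the detector deliberately does not depend on them.

```python
"""Hunt for CVE-2019-19790 exploitation attempts in IIS W3C logs.

Added detection example for this page, not from the advisory. It decodes
the query string repeatedly (defeating double encoding), normalizes
backslashes, and flags any request for *ChartImage.axd whose query still
contains "../". It does not depend on the parameter name: "ImageName" and
"UseSession" in the constructed sample below are assumed names.
"""
import re
from typing import Dict, Iterator, List
from urllib.parse import unquote

# Constructed sample IIS log: 203.0.113.7 views charts normally, 198.51.100.9 probes the handler
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2019-12-10 10:00:01 10.0.0.5 GET /Telerik.Web.UI.ChartImage.axd ImageName=abc123.png&UseSession=false 443 - 203.0.113.7 200
2019-12-10 10:00:02 10.0.0.5 GET /Telerik.Web.UI.ChartImage.axd ImageName=..%2F..%2Fimages%2Flogo.png&UseSession=false 443 - 198.51.100.9 200
2019-12-10 10:00:03 10.0.0.5 GET /Telerik.Web.UI.ChartImage.axd ImageName=%252e%252e%255cweb.config 443 - 198.51.100.9 404
2019-12-10 10:00:04 10.0.0.5 GET /images/banner.png - 443 - 203.0.113.7 200
2019-12-10 10:00:05 10.0.0.5 GET /Telerik.Web.UI.ChartImage.axd ImageName=....//....//boot.ini 443 - 198.51.100.9 500
"""

TRAVERSAL = re.compile(r"\.\./")  # applied after backslashes are normalized to "/"


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so %252e%252e becomes '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_w3c(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per data line, keyed by the names in the #Fields directive."""
    fields: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]
            continue
        values = line.split()
        if fields and len(values) == len(fields):
            yield dict(zip(fields, values))


def is_chart_traversal(record: Dict[str, str]) -> bool:
    """True for a ChartImage.axd request whose decoded query contains a traversal step."""
    stem = fully_decode(record.get("cs-uri-stem", "")).lower()
    if not stem.endswith("chartimage.axd"):
        return False
    query = fully_decode(record.get("cs-uri-query", "")).replace("\\", "/")
    return TRAVERSAL.search(query) is not None


def find_exploit_attempts(log_text: str) -> List[Dict[str, str]]:
    """Return the flagged requests with client, decoded query and response status."""
    return [
        {
            "client": rec.get("c-ip", "-"),
            "query": fully_decode(rec.get("cs-uri-query", "")),
            "status": rec.get("sc-status", "-"),
        }
        for rec in parse_w3c(log_text)
        if is_chart_traversal(rec)
    ]


if __name__ == "__main__":
    for hit in find_exploit_attempts(SAMPLE_LOG):
        print(f"{hit['client']} -> HTTP {hit['status']} {hit['query']}")
```

The response status is kept on purpose: a 200 on a traversal request means the handler served (or deleted) the file and should be treated as a confirmed read or delete, while a 404 or 500 indicates a probe that failed, for example because the target was not an image file. The bounded decode loop also catches the "....//" style of payload that survives a single "../" strip; overlong UTF-8 encodings are not normalized here and would need a separate rule if your WAF or IIS configuration lets them through.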

🔗 References

  • Telerik forum advisory, "Path Traversal vulnerability in RadChart Image Handler": https://www.telerik.com/forums/path-traversal-vulnerability-in-radchart-image-handler
  • NVD entry for CVE-2019-19790: https://nvd.nist.gov/vuln/detail/CVE-2019-19790