EDB-43874
webappsaspx
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
CVE-2017-11357CVE-2017-11317
Paul Taylor1/24/2018
CVE-2017-11357
9.8CRITICALProgress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary co
Veröffentlicht: 8/23/2017Aktualisiert: 10/22/2025
CISA Bekannte Ausgenutzte Schwachstelle
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
Erforderliche Maßnahme:
Apply updates per vendor instructions.
Fälligkeitsdatum:
2023-02-16
Bekannte Ransomware-Nutzung
Beschreibung
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
KI-AnalyseKI-gestützt
Betroffene Produkte
telerikui_for_asp.net_ajax
Verfügbare Exploits (1)
Referenzen
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-referenceMitigationVendor Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-referenceMitigationVendor Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11357