EDB-43874
webappsaspx
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
CVE-2017-11357CVE-2017-11317
Paul Taylor1/24/2018
CVE-2017-11357
9.8CRITICALProgress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary co
Publicado: 8/23/2017Atualizado: 10/22/2025
Vulnerabilidade Explorada Conhecida (CISA)
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
Ação Necessária:
Apply updates per vendor instructions.
Prazo:
2023-02-16
Uso Conhecido de Ransomware
Descrição
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Análise IADesenvolvido por IA
Produtos Afetados
telerikui_for_asp.net_ajax
Exploits Disponíveis (1)
Referências
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-referenceMitigationVendor Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-referenceMitigationVendor Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11357