EDB-43874
webappsaspx
Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Arbitrary File Upload
CVE-2017-11357CVE-2017-11317
Paul Taylor1/24/2018
CISA已知被利用漏洞
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
所需操作:
Apply updates per vendor instructions.
截止日期:
2023-02-16
已知勒索软件使用
描述
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
AI分析AI驱动
受影响产品
telerikui_for_asp.net_ajax
可用漏洞利用 (1)
参考资料
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-referenceMitigationVendor Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-referenceMitigationVendor Advisory
- https://www.exploit-db.com/exploits/43874/ExploitThird Party AdvisoryVDB Entry
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11357