Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
References
Link | Resource |
---|---|
http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference | Mitigation Vendor Advisory |
https://www.exploit-db.com/exploits/43874/ |
Configurations
History
No history.
Information
Published : 2017-08-23 17:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-11357
Mitre link : CVE-2017-11357
CVE.ORG link : CVE-2017-11357
JSON object : View
Products Affected
telerik
- ui_for_asp.net_ajax
CWE
CWE-20
Improper Input Validation