CVE-2017-11357
In short
A file upload feature in Progress Telerik UI for ASP.NET AJAX doesn't properly validate user input, allowing attackers to upload malicious files or run arbitrary code on the server.
Technical detail
CVE-2017-11357 affects RadAsyncUpload in Progress Telerik UI for ASP.NET AJAX versions before R2 2017 SP2. The vulnerability stems from insufficient input validation on file uploads (CWE-434), enabling remote attackers to bypass file type restrictions and upload executable files or scripts that execute with application privileges. No authentication is required; exploitation can lead to complete server compromise.
Summary generated and translated by AI from the official description.
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Public PoCs found: 2
- cve_reference: www.exploit-db.com/exploits/43874/ (unverified)
- exploitdb: www.exploit-db.com/exploits/43874 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.