CVE-2017-11357: Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
- CISA KEV-listed (remediation due 2023-02-16)
- used in ransomware campaigns
- EPSS 93.7% (99.9th percentile)