ID:6282 - Exploit for Improper security restrictions in UI for ASP.NET AJAX - CVE-2017-11357

 

Published: June 17, 2021


Vulnerability identifier: #VU9686
Vulnerability risk: High
CVE-ID: CVE-2017-11357
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software: UI for ASP.NET AJAX

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in Progress Telerik User Interface (UI) for ASP.NET AJAX because RadAsyncUpload uses user-supplied input without modification or validation. A remote attacker can upload arbitrary files and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Update to version 2017.2.711.