CVE-2017-11357βTelerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
PUBLISHEDvulnerability record
2023-01-26 Β· last modified June 21, 2025
Metadata
Vulnerability Name
Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
Description
Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
Known To Be Used in Ransomware Campaigns?
Action
Apply updates per vendor instructions.