Lucene search
Veracode Vulnerability DatabaseVERACODE:25765HistoryJun 25, 2020 - 8:57 a.m.
Insecure Direct Object Reference
2020-06-2508:57:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
0.952 High
EPSS
Percentile
99.3%
telerik.web.ui is vulnerable to insecure direct object reference. User input is not validated and used directly by RadAsyncUpload without modification or validation. This can potentially result in arbitrary file uploads and executino of arbitrary code.
Related
attackerkb
attackerkb
cisa_kev
cisa_kev
Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability
2023-01-26 00:00:00
nvd
nvd
cvelist
cvelist
prion
prion
Code injection
2017-08-23 17:29:00
Deserialization of untrusted data
2019-12-11 13:15:00
Deserialization of untrusted data
2021-12-22 06:15:00
cve
cve
exploitpack
exploitpack
Telerik UI for ASP.NET AJAX 2012.3.1308 2017.1.118 - Arbitrary File Upload
2018-01-24 00:00:00
nessus
nessus
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
2018-03-02 00:00:00
Telerik UI for ASP.NET AJAX RadAsyncUpload Multiple Vulnerabilities
2020-07-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Telerik UI Arbitrary File Upload (CVE-2017-11317; CVE-2017-11357)
2020-07-13 00:00:00
thn
thn
exploitdb
exploitdb
githubexploit
githubexploit
Exploit for Inadequate Encryption Strength in Telerik Ui For Asp.Net Ajax
2018-01-09 13:53:57
Exploit for Deserialization of Untrusted Data in Telerik Ui For Asp.Net Ajax
2020-05-29 07:29:52
ics
ics
Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers
2023-06-15 12:00:00
Hitachi ABB Power Grids eSOMS Telerik
2021-03-18 12:00:00