telerik.web.ui is vulnerable to insecure direct object reference. User input is not validated and used directly by RadAsyncUpload
without modification or validation. This can potentially result in arbitrary file uploads and executino of arbitrary code.