Description
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Remediation
References