Description
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-5851 Vulnerability (CVE-2013-5851)
WordPress Plugin MP3-jPlayer Multiple Cross-Site Scripting Vulnerabilities (1.8.7)
WordPress Plugin WP-Lister Lite for eBay Directory Traversal (2.0.20)
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)
WordPress Plugin Starbox-the Author Box for Humans Cross-Site Scripting (3.0.8)