Description
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Remediation
References
Related Vulnerabilities
WordPress Plugin Category Specific RSS feed Subscription Cross-Site Request Forgery (2.0)
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.9)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Security Bypass (1.7.29)
TYPO3 Improper Authentication Vulnerability (CVE-2022-36106)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6627)