Description

The Telerik UI component for ASP.NET AJAX processes user input directly, without modification or validation. An attack can result in arbitrary file uploads and remote code execution.

Remote code execution was not confirmed to be possible; this alert was issued based on the version of the Telerik UI component.

Remediation

Upgrade to the latest version of Telerik.Web.UI for ASP.NET AJAX, and follow the guidance in the RadAsyncUpload Security Guide (https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security).
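
One way to verify the configuration side of this remediation, as an added example (not part of the advisory and not Telerik's code): a check that a site's web.config sets the two appSettings keys described in the RadAsyncUpload Security Guide. The 32-character floor, the function names and the sample configurations are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# appSettings keys described in Telerik's RadAsyncUpload security guide.
REQUIRED_KEYS = (
    "Telerik.AsyncUpload.ConfigurationEncryptionKey",
    "Telerik.Upload.ConfigurationHashKey",
)
MIN_KEY_LEN = 32  # assumption: local policy floor, not a vendor-defined limit


def _local(tag):
    """Strip an XML namespace, which some older web.config files declare."""
    return tag.rsplit("}", 1)[-1]


def audit_web_config(xml_text):
    """Return findings for the RadAsyncUpload keys in a web.config document."""
    settings = {}
    for section in ET.fromstring(xml_text).iter():
        if _local(section.tag) != "appSettings":
            continue
        for add in section:
            if _local(add.tag) == "add" and add.get("key"):
                settings[add.get("key")] = add.get("value") or ""

    findings = []
    for key in REQUIRED_KEYS:
        value = settings.get(key)
        if value is None:
            findings.append(f"{key}: not set")
        elif len(value) < MIN_KEY_LEN:
            findings.append(f"{key}: shorter than {MIN_KEY_LEN} characters")
    values = [settings.get(k) for k in REQUIRED_KEYS]
    if all(values) and len(set(values)) == 1:
        findings.append("both keys share one value; set a distinct value for each")
    return findings


# Constructed sample inputs (values are placeholders, not real keys).
WEAK_CONFIG = """<configuration><appSettings>
  <add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="changeme" />
</appSettings></configuration>"""

HARDENED_CONFIG = """<configuration><appSettings>
  <add key="Telerik.AsyncUpload.ConfigurationEncryptionKey" value="k1-Zr8Qw3Lm9Xc2Vb7Nh5Tg4Yj6Uf0Pd1Ase" />
  <add key="Telerik.Upload.ConfigurationHashKey" value="k2-Hq4Wn7Rt2Mb9Kx5Cv8Lz3Jp6Sd1Fg0Eyu" />
</appSettings></configuration>"""
```

An empty result means both keys are present, long enough and distinct; it does not confirm that the installed Telerik.Web.UI version has been upgraded.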
