VDB
BDU:2020-02118
PUBLISHED
CVSS 10 CRITICAL
A vulnerability in the Telerik UI for ASP.NET AJAX software, caused by insufficient validation of input data, that allows an attacker to perform arbitrary file uploads or execute arbitrary code.
Risk Scores
CVSS 2.0
10
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telerik AD | Telerik UI | |
Exploit Intelligence
- Telerik UI for ASP.NET AJAX File upload and .NET deserialisation exploit (CVE-2017-11317, CVE-2017-11357, CVE-2019-18935) (github-poc-repo)
- The insecure deserialization of JSON objects in Telerik UI for ASP.NET results in arbitrary remote code execution. An attacker can break the RadAsyncUpload encryption (or have prior knowledge of your custom encryption keys) and stage a malicious request. Affects: v2011.1.315 - 2017.2.621 without keys; v2011.1.315 - 2020.1.114 with encryption keys. Big Ups: Markus Wulftange (@mwulftange) && Paul Taylor (@bao7uo). Ref: https://github.com/noperator/CVE-2019-18935 See: https://github.com/bao7uo/RAU_... (nmap-nse)
- kev.json (github-poc)
- data.js (github-poc)
Timeline
- May 15, 2020 CVE Published
- May 17, 2020 PoC Published
- Sep 24, 2024 CVE Updated