CVE-2017-11357 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-11357 PUBLISHED CVSS 9.8 CRITICAL

Reported by mitre · Published August 23, 2017

Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Risk Scores

CVSS v3.1

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a

Timeline

Aug 23, 2017 CVE Published
May 17, 2020 PoC Published
Apr 14, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
May 20, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Jan 26, 2023 CISA KEV Added

References

43874 exploitx_refsource_EXPLOIT-DB
x_refsource_CONFIRM
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11357 url

Open in Interactive Console →