CVE-2017-11357

Name of the Vulnerable Software and Affected Versions Progress Telerik UI for ASP.NET AJAX versions prior to R2 2017 SP2

Description The issue is related to insufficient input validation in the RadAsyncUpload component, allowing remote attackers to perform arbitrary file uploads or execute arbitrary code. This can be exploited by a remote attacker to gain unauthorized access or execute malicious code.

Recommendations For versions prior to R2 2017 SP2, update to R2 2017 SP2 or later to resolve the issue. As a temporary workaround, consider restricting access to the RadAsyncUpload component to minimize the risk of exploitation.