CVE-2017-11357

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution. Vendor/Product: Telerik User Interface (UI) for ASP.NET AJAX. Added to CISA KEV 2023-01-26; required action: Apply updates per vendor instructions.