Telerik UI for ASP.NET AJAX RadAsyncUpload Enabled #308
A new flaw has been found in Telerik UI for ASP.NET AJAX (CVE-2019-18935), which can allow for RCE. Because it doesn't appear to be possible to reliably determine the version of the software being used, it's not possible to determine if it is vulnerable.
We can, however, tell if the key feature is enabled by sending a GET to
The other option would be to build out a full exploit, but that could be too complex / slow to be reasonable. We will take the approach that we should warn if this is found at all, and let the user dig into it manually (we can save time by pointing it out, but we can't do everything for them.)