CVE-2019-18935CISA KEV: Actively Exploited

Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability

Published Nov 3, 2021·Updated Nov 3, 2021

Description

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.

Public Exploits & PoCs11 found

PoC: CVE-2019-18935

RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.

241

PoC: CVE-2019-18935

[CVE-2019-18935] Telerik UI for ASP.NET AJAX (RadAsyncUpload Handler) .NET JSON Deserialization

10

PoC: Telerik_CVE-2019-18935

TelerikUI Vulnerability Scanner (CVE-2019-18935)

7

PoC: CVE-2019-18935

CVE-2019-18935

5

PoC: CVE_2019_18935

This project for CVE-2019-18935

1

PoC: CVE-2019-18935

Exploit for CVE-2019-18935

PoC: CVE-2019-18935-exploit-study

In-depth study of CVE-2019-18935 affecting Telerik UI for ASP.NET AJAX. Covers .NET deserialization vulnerability, RadAsyncUpload handler, gadget chains, mixed-mode assembly exploitation, and mitigation strategies.

PoC: telerik-scanner-CVE-2019-18935

Telerik CVE-2019-18935 Vulnerability Scanner

PoC: telerik

CVE-2019-18935: Remote Code Execution

PoC: Telerik_CVE-2019-18935

TelerikUI Vulnerability Scanner (CVE-2019-18935)

PoC: Telerik_CVE-2019-18935

TelerikUI Vulnerability Scanner (CVE-2019-18935)

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free