CVE-2018-17060
MEDIUMTelerik Extensions for ASP.NET MVC - Info Disclosure
Title source: llmDescription
Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.telerik.com/support/code-library/security-alert-for-the-obsolete-telerik-extensions-for-asp-net-mvc
Scores
CVSS v3
5.3
EPSS
0.0026
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (2)
nuget/TelerikMvcExtensions
0NuGet
progress/telerik_extensions_for_asp.net_mvc
Published
Oct 08, 2018
Tracked Since
Feb 18, 2026