PR
Added CVE-2019-18935 Template
projectdiscovery/nuclei-templates#14286
/claim #14278
PR Information
- Added CVE-2019-18935
- References:
Template validation
- Validated with a host running a vulnerable version and/or configuration (True Positive)
- Validated with a host running a patched version and/or configuration (avoid False Positive)
Additional Details
Detection Methodology: Behavior-based POC using pre-computed encrypted payloads with default Telerik keys (PrivateKeyForEncryptionOfRadAsyncUploadConfiguration).
| Target State | Response | Match |
|---|---|---|
| Vulnerable (default keys) | Assembly loading error + HTTP 500 | ✅ |
| Patched (>= 2020.1.114) | Type validation error | ❌ |
| Custom keys | Decryption error | ❌ |
Limitation: Requires default Telerik encryption keys. Documented in template description.
Additional References:
Claim
Total prize pool
$100
Total paid
$0
Status
Pending
Submitted
December 08, 2025
Last updated
December 08, 2025
Contributors
KR
KrE80r
@KrE80r
Sponsors
PR
ProjectDiscovery
@projectdiscovery
$100