
Dotnetblogengine Blogengine.Net vulnerabilities

6 known vulnerabilities affecting dotnetblogengine/blogengine.net.

Total CVEs: 6
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 2

Vulnerabilities

CVE-2019-10719 | P2 | HIGH | CVSS 8.8 | PoC | ≤ 3.3.7.0 | 2019-06-21
CVE-2019-10719 [HIGH] CWE-22: BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
Source: nvd
CVE-2019-10718 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 3.3.7.0 | 2019-06-21
CVE-2019-10718 [HIGH] CWE-611: BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.
Source: nvd
CVE-2019-10717 | P3 | HIGH | CVSS 7.1 | PoC | v3.3.7.0 | 2019-07-03
CVE-2019-10717 [HIGH] CWE-22: BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.
Source: nvd
CVE-2019-11392 | P3 | HIGH | CVSS 7.5 | ≤ 3.3.7 | 2019-06-21
CVE-2019-11392 [HIGH] CWE-611: BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd.
Source: nvd
CVE-2013-6953 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.8, v1.4.5, +6 more | 2014-01-03
CVE-2013-6953 [MEDIUM] CWE-200: BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
Source: nvd
CVE-2019-10721 | P4 | MEDIUM | CVSS 6.1 | v3.3.7.0 | 2019-07-03
CVE-2019-10721 [MEDIUM] CWE-601: BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx.
Source: nvd