161 matches found
CVE-2022-28921
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...
CVE-2019-10717
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter...
CVE-2019-10721
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx...
CVE-2019-10719
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714...
CVE-2023-33404
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code...
CVE-2023-33404
CVE-2023-33404 affects BlogEngine.Net versions 3.3.8.0 and earlier, due to an Unrestricted Upload vulnerability caused by insufficient validation in the UploadControlled.cs file. This leads to remote code execution by an attacker with network access and no user interaction. The connected sources ...
PT-2023-24332 · Unknown · Blogengine.Net
Name of the Vulnerable Software and Affected Versions: BlogEngine.Net versions 3.3.8.0 and earlier
Description: The issue is related to an Unrestricted Upload vulnerability due to insufficient validation on the UploadControlled.cs file. This allows remote attackers to execute remote code...
CVE-2023-33405
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect...
Open redirect
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect...
CVE-2023-33405
Blogengine.net v3.3.8.0 and earlier are affected by an Open Redirect vulnerability. The issue arises from an open redirect vector via the years parameter, allowing unauthenticated attackers to redirect users to malicious sites (phishing). Remediation: update to the latest Blogengine.net CMS versi...
CVE-2023-22858
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0 allows unauthenticated visitors to access the files of unpublished blogs...
CVE-2023-22856
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file...