161 matches found
CVE-2022-41417
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under /AppData/...
CVE-2022-41417
BlogEngine.NET v3.3.8.0 contains a vulnerability that lets an attacker create any folder with a prefix of “files” under ~/App_Data/. The issue stems from improper validation/permissions around folder creation in BlogEngine.NET, enabling unauthorized directory creation. CVSS metrics in the primary...
CVE-2022-41418
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
Design/Logic Flaw
An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2022-41418
The CVE-2022-41418 entry concerns BlogEngine.NET v3.3.8.0, where the vulnerability lies in the UploadController.cs under BlogEngine/BlogEngine.NET/AppCode/Api. Uploading a crafted PNG can lead to arbitrary code execution on the server. The issue is rooted in the file upload handling, enabling rem...
PT-2022-25854 · Unknown · Blogengine.Net
Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs allows attackers to execute arbitrary code via uploading a crafted PNG file. Recommendations: For BlogEngine.NET...
CVE-2022-28921
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...
Cross-Site Request Forgery (CSRF)
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...
CVE-2022-28921
CVE-2022-28921 affects BlogEngine.Net v3.3.8.0. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows unauthenticated attackers to read arbitrary files on the hosting web server. The sources consistently describe the issue as CSRF with file-read impact, but a concrete root-cause an...
CVE-2022-25591
BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request...
Arbitrary file deletion
BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request...
CVE-2022-25591
BlogEngine.NET v3.3.8.0 is affected by an arbitrary file deletion vulnerability that allows an attacker to delete files in the web server root via a crafted HTTP request. The description confirms the affected software and the specific destructive action, but the available documents do not specify...