PT-2023-24333 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: Blogengine.net versions 3.3.8.0 and earlier Description: The issue is related to an Open Redirect. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue...

PT-2023-18733 · Unknown · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET version 3.3.8.0 Description: An Improper Access Control issue allows unauthenticated visitors to access the files of unpublished blogs. Recommendations: For BlogEngine.NET version 3.3.8.0, at the moment, there is no information...

CVE-2022-41418

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...

CVE-2022-28921

A Cross-Site Request Forgery CSRF vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server...

CVE-2018-14485

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd...