3 matches found
CVE-2022-41417
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under /AppData/...
CVE-2022-41417
BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under /AppData/...
CVE-2022-41417
BlogEngine.NET v3.3.8.0 contains a vulnerability that lets an attacker create any folder with a prefix of “files” under ~/App_Data/. The issue stems from improper validation/permissions around folder creation in BlogEngine.NET, enabling unauthorized directory creation. CVSS metrics in the primary...