GHSA-958R-G534-CCMR MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation

madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...

CVE-2019-9842

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in appcode/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension...

Remote Code Execution (RCE)

MadsKristensen.AspNetCore.Miniblog is vulnerable to remote code execution. A remote attacker is able to execute arbitrary ASPX code by uploading a malicious IMG element with a data: URL, which will be executed when the SaveFilesToDisk function in Controllers/BlogController.cs writes a decoded...

CVE-2019-9845

madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...