Blogengine.net Security Vulnerabilities and Issues — Blogengine.net CVE List

Lucene search

BlogengineBlogengine.net

5 matches found

CVE•added 2019/03/21 4:1 p.m.•87 views

CVE-2019-6714

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an ...

9.8CVSS9.1AI score0.24252EPSS

CVE•added 2022/05/13 3:15 p.m.•68 views

CVE-2022-25591

BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request.

9.1CVSS9.1AI score0.09744EPSS

CVE•added 2023/01/18 2:15 p.m.•51 views

CVE-2022-41417

BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.

9.8CVSS9.3AI score0.0007EPSS

CVE•added 2023/06/26 8:15 p.m.•51 views

CVE-2023-33404

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.

9.8CVSS9.5AI score0.84342EPSS

CVE•added 2019/05/07 6:29 p.m.•41 views

CVE-2018-14485

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.

9.8CVSS9.2AI score0.217EPSS