MadsKristensen.AspNetCore.Miniblog is vulnerable to remote code execution. A remote attacker is able to execute arbitrary ASPX
code by uploading a malicious IMG
element with a data: URL
, which will be executed when the SaveFilesToDisk
function in Controllers/BlogController.cs
writes a decoded base64
string to a file without validation the extension.