RSS   Vulnerabilities for 'Blogengine.net'   RSS

2019-05-07
 
CVE-2018-14485

CWE-611
 

 
BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.

 
2019-03-21
 
CVE-2019-6714

CWE-22
 

 
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.

 

 >>> Vendor: Blogengine 2 Products
E2
Blogengine.net


Copyright 2019, cxsecurity.com

 

Back to Top