Dotnetblogengine » Blogengine.net : Security Vulnerabilities, CVEs, Published In 2019 (Code Execution)
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
Max CVSS
8.8
EPSS Score
3.52%
Published
2019-06-21
Updated
2019-06-23
1 vulnerabilities found