Lucene search
GoogleOSV:CVE-2019-6714HistoryMar 21, 2019 - 4:01 p.m.
CVE-2019-6714
2019-03-2116:01:09
Google
osv.dev
7
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| blogengine.net | eq | 3.3.6.0 | |
| blogengine.net | eq | 3.3.5.0 |
Related
packetstorm
packetstorm
BlogEngine.NET 3.3.6 Directory Traversal / Remote Code Execution
2019-02-12 00:00:00
BlogEngine.NET 3.3.7 Directory Traversal / Remote Code Execution
2019-06-18 00:00:00
cve
cve
nvd
nvd
prion
prion
Path traversal
2019-03-21 16:01:00
Directory traversal
2019-06-21 19:15:00
Directory traversal
2019-06-21 19:15:00
cvelist
cvelist
zdt
zdt
exploitpack
exploitpack
BlogEngine.NET 3.3.6 - Directory Traversal Remote Code Execution
2019-02-12 00:00:00
exploitdb
exploitdb
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
2019-02-12 00:00:00
osv
osv
CVE-2019-10720
2019-06-21 19:15:09
CVE-2019-10719
2019-06-21 19:15:09
attackerkb
attackerkb
CVE-2019-10719
2019-06-21 00:00:00