Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blogengine vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-6714
An issue exists in BlogEngine.NET up to and including 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is espe...
Blogengine Blogengine.net
1 EDB exploit
1 Github repository
NA
CVE-2023-33404
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and previous versions allows remote malicious users to execute remote code.
Blogengine Blogengine.net
1 Github repository
NA
CVE-2023-33405
Blogengine.net 3.3.8.0 and previous versions is vulnerable to Open Redirect.
Blogengine Blogengine.net
1 Github repository
7.5
CVSSv2
CVE-2014-4736
SQL injection vulnerability in E2 prior to 2.4 (2845) allows remote malicious users to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
Blogengine E2
1 EDB exploit
6.5
CVSSv2
CVE-2019-10720
BlogEngine.NET 3.3.7.0 and previous versions allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
Blogengine Blogengine.net
NA
CVE-2023-22857
A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.
Blogengine Blogengine.net 3.3.8.0
NA
CVE-2023-22858
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.
Blogengine Blogengine.net 3.3.8.0
NA
CVE-2022-36600
BlogEngine v3.3.8.0 exists to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
Blogengine Blogengine.net 3.3.8.0
4.3
CVSSv2
CVE-2022-28921
A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated malicious users to read arbitrary files on the hosting web server.
Blogengine Blogengine.net 3.3.8.0
6.4
CVSSv2
CVE-2022-25591
BlogEngine.NET v3.3.8.0 exists to contain an arbitrary file deletion vulnerability which allows malicious users to delete files within the web server root directory via a crafted HTTP request.
Blogengine Blogengine.net 3.3.8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »