Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv2

CVE-2019-10717

Published: 03/07/2019 Updated: 10/07/2019
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Subscribe to Blogengine.net

Vulnerability Summary

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dotnetblogengine blogengine.net 3.3.7.0

Exploits

Exploit DB: BlogEngine.NET 3.3.6 / 3.3.7 path Directory Traversal
BlogEngineNET versions 336 and 337 suffer from a path directory traversal vulnerability ...

Mailing Lists

Full Disclosure: BlogEngine.NET 3.3.7 and earlier Directory Traversal + Listing
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> BlogEngineNET 337 and earlier Directory Traversal + Listing <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

References

CWE-22https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirecthttps://github.com/rxtur/BlogEngine.NET/commits/masterhttp://seclists.org/fulldisclosure/2019/Jun/44https://nvd.nist.govhttps://packetstormsecurity.com/files/153421/BlogEngine.NET-3.3.6-3.3.7-path-Directory-Traversal.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook