BlogEngine.NET 3.3.7.0 and previous versions allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blogengine blogengine.net |