BlogEngine.NET v3.3.8.0 allows an malicious user to create any folder with "files" prefix under ~/App_Data/.
blogengine blogengine.net 3.3.8.0