Blogengine: >> Blogengine.net >> 3.3.7.0 Security Vulnerabilities
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
CVSS Score
9.8
EPSS Score
0.843
Published
2023-06-26
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
CVSS Score
6.1
EPSS Score
0.493
Published
2023-06-21
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
CVSS Score
8.8
EPSS Score
0.067
Published
2019-06-21