Blogengine: >> Blogengine.net >> 3.3.7.0 Security Vulnerabilities
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
CVSS Score
9.8
EPSS Score
0.814
Published
2023-06-26
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
CVSS Score
6.1
EPSS Score
0.321
Published
2023-06-21
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
CVSS Score
8.8
EPSS Score
0.039
Published
2019-06-21