BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-21T18:11:57
Updated: 2024-08-04T22:32:00.995Z
Reserved: 2019-04-02T00:00:00
Link: CVE-2019-10719
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-06-21T19:15:09.880
Modified: 2019-06-23T19:32:42.713
Link: CVE-2019-10719
Redhat
No data.