BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153348/BlogEngine.NET-3.3.6-3.3.7-Theme-Cookie-Directory-Traversal-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Jun/26 | Mailing List Third Party Advisory |
https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-21T18:13:16
Updated: 2019-06-21T18:14:41
Reserved: 2019-04-02T00:00:00
Link: CVE-2019-10720
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-21T19:15:09.943
Modified: 2020-06-29T13:48:41.267
Link: CVE-2019-10720
JSON object: View
Redhat Information
No data.
CWE