BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Blogengine
  • Blogengine.net

Configuration 1 [-]

cpe:2.3:a:blogengine:blogengine.net:3.3.8.0:*:*:*:*:*:*:*
References
Link Resource
https://gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95 Third Party Advisory
https://github.com/BlogEngine/BlogEngine.NET/commit/7f927567db94462ffd37e128c0a53c11c1f81a8d Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-18T00:00:00

Updated: 2023-01-18T00:00:00

Reserved: 2022-09-26T00:00:00

Link: CVE-2022-41417

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-01-18T14:15:10.793

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-41417

JSON object: View

cve-icon Redhat Information

No data.

CWE