Directory Traversal and Remote Code Execution Vulnerability in BlogEngine.NET 3.3.7.0 and Earlier

Directory Traversal and Remote Code Execution Vulnerability in BlogEngine.NET 3.3.7.0 and Earlier

CVE-2019-10719 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishandled, related to /api/upload and BlogEngine.NET/AppCode/Api/UploadController.cs. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.

Learn more about our Api Penetration Testing.