Directory Traversal and Remote Code Execution Vulnerability in BlogEngine.NET 3.3.7.0 and Earlier

Directory Traversal and Remote Code Execution Vulnerability in BlogEngine.NET 3.3.7.0 and Earlier

CVE-2019-10720 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.

Learn more about our Web Application Penetration Testing UK.