Path Traversal and Local File Inclusion Vulnerability in BlogEngine.NET

Path Traversal and Local File Inclusion Vulnerability in BlogEngine.NET

CVE-2019-6714 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user.

Learn more about our User Device Pen Test.