Skip to main content

Blogengine Net CVE-2013-6953

MEDIUM
Information Exposure (CWE-200)
2014-01-03 cret@cert.org
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 03, 2014 - 18:55 cve.org
MEDIUM 5.0

DescriptionCVE.org

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.

AnalysisAI

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. Affected products include: Dotnetblogengine Blogengine.Net.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2023-33404 CRITICAL POC
9.8 Jun 26

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net vers

CVE-2019-6714 CRITICAL POC
9.8 Mar 21

An issue was discovered in BlogEngine.NET through 3.3.6.0. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2022-25591 CRITICAL POC
9.1 May 13

BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to del

CVE-2019-10720 HIGH POC
8.8 Jun 21

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File

CVE-2019-10719 HIGH POC
8.8 Jun 21

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishand

CVE-2019-11392 HIGH POC
7.5 Jun 21

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. Rated high severity (CVSS 7.5), this vu

CVE-2019-10718 HIGH POC
7.5 Jun 21

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Co

CVE-2019-10717 HIGH POC
7.1 Jul 03

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. Rated high severity (CVSS 7.1

CVE-2022-28921 MEDIUM POC
6.5 May 18

A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers

CVE-2023-33405 MEDIUM POC
6.1 Jun 21

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability

CVE-2019-10721 MEDIUM POC
6.1 Jul 03

BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.C

CVE-2022-36600 MEDIUM POC
4.8 Sep 02

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/ap

Share

CVE-2013-6953 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy