Skip to main content

Blogengine Net CVE-2019-10718

HIGH
Improper Restriction of XML External Entity Reference (CWE-611)
2019-06-21 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 21, 2019 - 19:15 nvd
HIGH 7.5

DescriptionNVD

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.

AnalysisAI

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs. Affected products include: Dotnetblogengine Blogengine.Net.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Disable external entity processing in XML parsers, use JSON instead of XML where possible.

CVE-2023-33404 CRITICAL POC
9.8 Jun 26

An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net vers

CVE-2019-6714 CRITICAL POC
9.8 Mar 21

An issue was discovered in BlogEngine.NET through 3.3.6.0. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2022-25591 CRITICAL POC
9.1 May 13

BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to del

CVE-2019-10720 HIGH POC
8.8 Jun 21

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File

CVE-2019-10719 HIGH POC
8.8 Jun 21

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution because file creation is mishand

CVE-2019-11392 HIGH POC
7.5 Jun 21

BlogEngine.NET 3.3.7 and earlier allows XXE via an apml file to syndication.axd. Rated high severity (CVSS 7.5), this vu

CVE-2019-10717 HIGH POC
7.1 Jul 03

BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter. Rated high severity (CVSS 7.1

CVE-2022-28921 MEDIUM POC
6.5 May 18

A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers

CVE-2023-33405 MEDIUM POC
6.1 Jun 21

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability

CVE-2019-10721 MEDIUM POC
6.1 Jul 03

BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.C

CVE-2022-36600 MEDIUM POC
4.8 Sep 02

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/ap

CVE-2022-41418 HIGH
7.2 Dec 19

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows at

Share

CVE-2019-10718 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy