21 Mar 2019
CVE-2019-6714 - CVE Vulnerability
An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user. (CVSS:7.5) (Last Update:2019-03-29)
Vulnerability Details : An issue was discovered in BlogEngine.NET through 3.3.6.0. A path traversal and Local File Inclusion vulnerability in PostList.ascx.cs can cause unauthenticated users to load a PostView.ascx component from a potentially untrusted location on the local filesystem. This is especially dangerous if an authenticated user uploads a PostView.ascx file using the file manager utility, which is currently allowed. This results in remote code execution for an authenticated user. Publish Date : 2019-03-21 Last Update Date : 2019-03-29 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-6714
- Number Of Affected Versions By Product
- References For CVE-2019-6714 | ||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-6714There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |