PT-2019-12008 · Microsoft · Blogengine.Net

Aaron Bishop

Publicado

2019-06-21

Atualizado

2019-06-23

CVE-2019-10718

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlogEngine.NET versions 3.3.7.0 and earlier

Description The issue is related to XML External Entity Blind Injection. It is associated with the pingback.axd endpoint and the BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs file.

Recommendations For BlogEngine.NET versions 3.3.7.0 and earlier, consider disabling the pingback.axd endpoint until a patch is available. Restrict access to the BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs file to minimize the risk of exploitation.

Exploit

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2019-10718

Produtos afetados

Blogengine.Net

PT-2019-12008 · Microsoft · Blogengine.Net

CVE-2019-10718

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4