PT-2019-12011 · Blogengine · Blogengine.Net

Published: 2019-07-03 · Updated: 2019-07-10 · CVE-2019-10721

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

BlogEngine.NET version 3.3.7.0

Description

The issue allows for a Client Side URL Redirect via the ReturnUrl parameter. This is related to the files Security.cs, login.aspx, and register.aspx in the BlogEngine/BlogEngine.Core/Services/Security directory.

Recommendations

For BlogEngine.NET version 3.3.7.0, consider restricting access to the ReturnUrl parameter in login.aspx and register.aspx to minimize the risk of exploitation. Avoid using the ReturnUrl parameter in these pages until the issue is resolved.

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2019-10721

Affected Products

Blogengine.Net