PT-2019-19893 · Miniblog · Miniblog.Core
Published
2019-04-16
·
Updated
2019-07-05
·
CVE-2019-9845
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Miniblog.Core versions prior to 2019-01-16
Description
The issue allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL. This is because the
SaveFilesToDisk function in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension.Recommendations
For versions prior to 2019-01-16, as a temporary workaround, consider disabling the
SaveFilesToDisk function in Controllers/BlogController.cs until a patch is available. Restrict access to the BlogController.cs module to minimize the risk of exploitation. Avoid using the data: URL scheme in IMG elements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Miniblog.Core