PT-2019-9028 · Microsoft · Blogengine.Net

Mustafa Yalassa+-N

·

Published

2019-05-07

·

Updated

2019-05-08

·

CVE-2018-14485

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions BlogEngine.NET version 3.3
Description The issue allows XXE attacks through the POST body to the "metaweblog.axd" endpoint.
Recommendations For BlogEngine.NET version 3.3, consider restricting access to the metaweblog.axd endpoint until a patch is available.

Exploit

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-14485

Affected Products

Blogengine.Net