PT-2023-24332 · Unknown · Blogengine.Net
Published: 2023-06-26 · Updated: 2023-07-05
CVE-2023-33404
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
BlogEngine.Net versions 3.3.8.0 and earlier
Description
The issue is an unrestricted file upload vulnerability caused by insufficient validation in the
UploadControlled.cs file. It allows remote attackers to execute code remotely.
Recommendations
For versions 3.3.8.0 and earlier, update to a version that includes proper validation for the
UploadControlled.cs file to prevent remote code execution.
As a temporary workaround, consider restricting access to the UploadControlled.cs file until a patch is available.
Exploit
Fix
RCE
Unrestricted File Upload
Affected Products
Blogengine.Net