Vulnerabilities > CVE-2019-10718 - XXE vulnerability in Dotnetblogengine Blogengine.Net
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 |
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/153364/blogengine336337-xxe.txt |
id | PACKETSTORM:153364 |
last seen | 2019-06-22 |
published | 2019-06-20 |
reporter | Aaron Bishop |
source | https://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html |
title | BlogEngine.NET 3.3.6 / 3.3.7 XML Injection |
References
- http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html
- http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html
- https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks
- https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks