Vulnerabilities > CVE-2019-10718 - XXE vulnerability in Dotnetblogengine Blogengine.Net

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
dotnetblogengine
CWE-611

Summary

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/153364/blogengine336337-xxe.txt
idPACKETSTORM:153364
last seen2019-06-22
published2019-06-20
reporterAaron Bishop
sourcehttps://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html
titleBlogEngine.NET 3.3.6 / 3.3.7 XML Injection