Vulnerabilities > Blogengine > Blogengine NET > 3.3.7.0

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-33404 Unrestricted Upload of File with Dangerous Type vulnerability in Blogengine Blogengine.Net
An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code.
network
low complexity
blogengine CWE-434
critical
 9.8
9.8
2023-06-21 CVE-2023-33405 Open Redirect vulnerability in Blogengine Blogengine.Net
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
network
low complexity
blogengine CWE-601
6.1
6.1
2019-06-21 CVE-2019-10720 Path Traversal vulnerability in Blogengine Blogengine.Net
BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager.
network
low complexity
dotnetblogengine blogengine CWE-22
6.5
6.5