CVE-2019-10720

Sažetak

BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.

Reference

http://packetstormsecurity.com/files/153348/BlogEngine.NET-3.3.6-3.3.7-Theme-Cookie-Directory-Traversal-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2019/Jun/26
https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-06-2020 - 13:48

Objavljeno

21-06-2019 - 19:15