exploitDog

CVE-2018-14485

Опубликовано: 07 мая 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.

Ссылки

http://packetstormsecurity.com/files/151063/BlogEngine-3.3-XML-External-Entity-Injection.html
Third Party Advisory
VDB Entry
https://github.com/rxtur/BlogEngine.NET/commits/master
Third Party Advisory
https://www.exploit-db.com/exploits/46106/
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/151063/BlogEngine-3.3-XML-External-Entity-Injection.html
Third Party Advisory
VDB Entry
https://github.com/rxtur/BlogEngine.NET/commits/master
Third Party Advisory
https://www.exploit-db.com/exploits/46106/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blogengine:blogengine.net:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19745

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-j2c4-rr9q-8j5c

CVSS3: 9.8

github

больше 3 лет назад

BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd.

EPSS

Процентиль: 95%

0.19745

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611