CVE-2013-6953
BlogEngine.NET < 2.8 - Unauthenticated Exposure of Sensitive Information via sioc.axd Request
Title source: llmDescription
BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.
References (1)
Core 1
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/553166
Scores
EPSS
0.0131
EPSS Percentile
67.1%
Details
CWE
CWE-200
Status
published
Products (8)
dotnetblogengine/blogengine.net
1.4.5
dotnetblogengine/blogengine.net
1.5
dotnetblogengine/blogengine.net
1.6
dotnetblogengine/blogengine.net
2.0
dotnetblogengine/blogengine.net
2.5
dotnetblogengine/blogengine.net
2.6
dotnetblogengine/blogengine.net
2.7
dotnetblogengine/blogengine.net
< 2.8
Published
Jan 03, 2014
Tracked Since
Feb 18, 2026