CVE-2013-6953

BlogEngine.NET < 2.8 - Unauthenticated Exposure of Sensitive Information via sioc.axd Request

Title source: llm
STIX 2.1

Description

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.

References (1)

Core 1
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/553166

Scores

EPSS 0.0131
EPSS Percentile 67.1%

Details

CWE
CWE-200
Status published
Products (8)
dotnetblogengine/blogengine.net 1.4.5
dotnetblogengine/blogengine.net 1.5
dotnetblogengine/blogengine.net 1.6
dotnetblogengine/blogengine.net 2.0
dotnetblogengine/blogengine.net 2.5
dotnetblogengine/blogengine.net 2.6
dotnetblogengine/blogengine.net 2.7
dotnetblogengine/blogengine.net < 2.8
Published Jan 03, 2014
Tracked Since Feb 18, 2026