CVE-2023-33404

CRITICAL

BlogEngine.Net <3.3.8.0 - RCE

Title source: llm

Description

An unrestricted file upload vulnerability in BlogEngine.Net version 3.3.8.0 and earlier, caused by insufficient validation in the UploadControlled.cs file, allows remote attackers to execute code remotely.

Exploits (1)

nomisec WRITEUP
by hacip · poc
https://github.com/hacip/CVE-2023-33404

Scores

CVSS v3 9.8
EPSS 0.8201
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-434
Status published
Products (1)
blogengine/blogengine.net < 3.3.8.0
Published Jun 26, 2023
Tracked Since Feb 18, 2026