Arbitrary Code Execution Vulnerability in BlogEngine.NET v3.3.8.0 via Crafted PNG File Upload

Arbitrary Code Execution Vulnerability in BlogEngine.NET v3.3.8.0 via Crafted PNG File Upload

CVE-2022-41418 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

Learn more about our Api Penetration Testing.