CVE-2022-41418

Published: Dec 19, 2022

Modified: Apr 17, 2025

PUBLISHED

Description

An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/BlogEngine/BlogEngine.NET/commit/7f927567db94462ffd37e128c0a53c11c1f81a8d

https://gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95

https://gist.github.com/tree-chtsec/a02258bb6dea0d16e7e631898c066e05

https://www.chtsecurity.com/news/8719b7f3-1129-4fb4-8801-298970d81df7

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-41418

Description

Affected Products

References