BlogEngine 3.3 XML External Entity Injection
- Date Published:2019-01-11
- Last Updated:2019-01-11
- Version Affected: BlogEngine 3.3
BlogEngine.NET is a free and open source blog system. Since 2008, the blog has carried out Chinese localization based on BlogEngine.NET and made efforts to promote and apply it in China.
BlogEngine 3.3 has XML external entity injection vulnerability. An attacker can exploit the vulnerability to achieve the attack.
Currently, the vendor has issued an upgrade patch to fix the vulnerability. The patch is available at https://blogengine.io/