{"id":"CVE-2019-10720","details":"BlogEngine.NET 3.3.7.0 and earlier allows Directory Traversal and Remote Code Execution via the theme cookie to the File Manager. NOTE: this issue exists because of an incomplete fix for CVE-2019-6714.","modified":"2026-03-14T09:31:55.786902Z","published":"2019-06-21T19:15:09.943Z","references":[{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2019/Jun/26"},{"type":"FIX","url":"https://www.securitymetrics.com/blog/BlogEngineNET-Directory-Traversal-Remote-Code-Execution-CVE-2019-10719-CVE-2019-10720"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/153348/BlogEngine.NET-3.3.6-3.3.7-Theme-Cookie-Directory-Traversal-Remote-Code-Execution.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rxtur/blogengine.net","events":[{"introduced":"0"},{"last_affected":"612164e60f1c47d74e8bdcdf334f8e991d16873b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.7.0"}]}}],"versions":["3.3.5.0","v3.3.6.0","v3.3.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10720.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}