madskristensen/MiniBlog

Releases0

Stars924

A minimal blog engine using Razor Web Pages

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-9842 ↗	Jun 14, 2019Friday, 14 June 2019, 20:29	—	6.5 MEDIUM
madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.