Remote Code Execution

Affecting madskristensen.aspnetcore.miniblog package, versions [0,]

Overview

MadsKristensen.AspNetCore.Miniblog is a blog engine built on ASP.NET Core 2.0.

Affected versions of this package are vulnerable to Remote Code Execution. Attackers can execute arbitrary code using Data URLs within image elements. This is due to the way the SaveFilesToDisk function in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension first. An attacker can abuse this function to upload malicious ASPX files and achieve remote code execution.

Remediation

A fix was pushed into the master branch but not yet published.
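
One way to perform the missing extension check, as an added example: this is not MiniBlog's code and not the fix pushed to master. The names `SafeImageSaver`, `TrySave` and `AllowedTypes`, the set of allowed image types, and the upload directory are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.RegularExpressions;

// Added example: hypothetical helper, not taken from the MiniBlog code base.
public static class SafeImageSaver
{
    // The stored extension comes from this allow-list, never from client input.
    private static readonly Dictionary<string, string> AllowedTypes =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["image/png"] = ".png",
            ["image/jpeg"] = ".jpg",
            ["image/gif"] = ".gif",
        };

    private static readonly Regex DataUrl = new Regex(
        @"^data:(?<mime>[a-z]+/[a-z0-9.+-]+);base64,(?<data>[A-Za-z0-9+/]+={0,2})$",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // Returns the path written, or null when the input is rejected.
    public static string TrySave(string dataUrl, string uploadRoot)
    {
        var m = DataUrl.Match(dataUrl ?? string.Empty);
        if (!m.Success || !AllowedTypes.TryGetValue(m.Groups["mime"].Value, out var ext))
            return null; // not a base64 data URL, or a type outside the allow-list

        byte[] bytes;
        try { bytes = Convert.FromBase64String(m.Groups["data"].Value); }
        catch (FormatException) { return null; }

        // Server-generated name: no client-controlled characters reach the path.
        var root = Path.GetFullPath(uploadRoot);
        Directory.CreateDirectory(root);
        var path = Path.Combine(root, Guid.NewGuid().ToString("N") + ext);
        File.WriteAllBytes(path, bytes);
        return path;
    }

    public static void Main()
    {
        var dir = Path.Combine(Path.GetTempPath(), "upload-check-demo");
        // Constructed sample inputs: one allowed image type, one disallowed type.
        var png = "data:image/png;base64," + Convert.ToBase64String(new byte[] { 0x89, 0x50, 0x4E, 0x47 });
        var text = "data:text/plain;base64," + Convert.ToBase64String(new byte[] { 0x41 });
        Console.WriteLine("png saved: " + (TrySave(png, dir) != null));
        Console.WriteLine("text/plain rejected: " + (TrySave(text, dir) == null));
    }
}
```

The declared media type is still attacker-supplied, so this only constrains the extension written to disk; serving the upload directory as static content with script execution disabled is a separate control.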

CVSS Score

8.1 (high severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

  • Credit: Rob
  • CVE: CVE-2019-9845
  • CWE: CWE-94
  • Snyk ID: SNYK-DOTNET-MADSKRISTENSENASPNETCOREMINIBLOG-174341
  • Disclosed: 16 Apr, 2019
  • Published: 16 Apr, 2019