Miggo Logo

CVE-2019-9845: MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation

9.8

CVSS Score
3.0

Basic Information

EPSS Score
0.74129%
Published
7/5/2019
Updated
1/11/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
MadsKristensen.AspNetCore.Miniblognuget<= 1.0.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description explicitly identifies SaveFilesToDisk in BlogController.cs as the source of improper input validation. The function decodes() base64 data and writes it to disk using a filename derived from user-controlled input (the 'data-filename' attribute). While the current GitHub code shows an allowed extensions check, the vulnerability exists in versions <=1.0.3 where this validation was either absent or insufficient. Attackers could bypass checks by manipulating the filename extension, enabling ASPX file uploads. The link to CVE-2019-9845 and the exploit analysis confirms this mechanism.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

m**skrist*ns*n Mini*lo*.*or* t*rou** ****-**-** *llows r*mot* *tt**k*rs to *x**ut* *r*itr*ry *SPX *o** vi* *n IM* *l*m*nt wit* * **t*: URL, ****us* S*v**il*sTo*isk in *ontroll*rs/*lo**ontroll*r.*s writ*s * ***o*** **s*** strin* to * *il* wit*out v*li

Reasoning

T** vuln*r**ility **s*ription *xpli*itly i**nti*i*s `S*v**il*sTo*isk` in `*lo**ontroll*r.*s` *s t** sour** o* improp*r input v*li**tion. T** *un*tion `***o**s()` **s*** **t* *n* writ*s it to *isk usin* * `*il*n*m*` **riv** *rom us*r-*ontroll** input