← Back

CVE-2013-6953

nvd nist
Published: Jan 3, 2014Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file.

Affected (8)

Dotnetblogengine
1 product
Blogengine.net
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Dotnetblogengine
Blogengine.net
Up to 2.8
Blogengine.net
Version 1.4.5
Blogengine.net
Version 1.5
Blogengine.net
Version 1.6
Blogengine.net
Version 2.0
Blogengine.net
Version 2.5
Blogengine.net
Version 2.6
Blogengine.net
Version 2.7

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: cret@cert.org
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource

Timeline

No history available yet.