CVE-2019-10718

BlogEngine.NET 3.3.7.0 and earlier allows XML External Entity Blind Injection, related to pingback.axd and BlogEngine.Core/Web/HttpHandlers/PingbackHandler.cs.

Date published : 2019-06-21

http://packetstormsecurity.com/files/153364/BlogEngine.NET-3.3.6-3.3.7-XML-Injection.html

https://www.securitymetrics.com/blog/blogenginenet-xml-external-entity-attacks