VYPR
Unrated severity · NVD Advisory · Published Jun 14, 2019 · Updated Aug 4, 2024

CVE-2019-9842

Description

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability mechanics

Root cause

"Missing file extension validation in SaveFilesToDisk allows arbitrary ASPX file upload via crafted data URLs."

Attack vector

An attacker who can create or edit blog posts (authenticated user) crafts an `

Affected code

The vulnerable code is in `SaveFilesToDisk` within `app_code/handlers/PostHandler.cs`. This method extracts the MIME type from a data URL and uses the latter half of the MIME type (e.g., "aspx" from "image/aspx") as the file extension when writing the decoded base64 content to disk, without validating that the extension is a safe image type [ref_id=1].

What the fix does

The advisory does not include a patch diff, but the researcher states a patch was published to GitHub on 2019-03-16 [ref_id=1]. The remediation guidance is to validate the file extension derived from the MIME type, ensuring only safe image extensions (e.g., .gif, .jpeg, .png) are allowed, rather than blindly using the latter half of the MIME type as the extension [ref_id=1].
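As an added illustration (not MiniBlog's code and not the published patch), the following C# shows the unsafe pattern the advisory describes, where the text after the slash of the MIME type becomes the file extension, beside a hardened version that maps the MIME type through an allowlist and lets the server choose the file name. Class names, method names and the sample data URLs are hypothetical and constructed for this example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text.RegularExpressions;

// Hypothetical helper, not part of MiniBlog's PostHandler.cs.
public static class DataUrlUpload
{
    // Allowlist: the extension is looked up from the MIME type, never
    // derived from client-controlled text. Only the types the advisory's
    // remediation guidance names are accepted.
    private static readonly Dictionary<string, string> AllowedTypes =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "image/gif",  ".gif" },
            { "image/jpeg", ".jpg" },
            { "image/png",  ".png" },
        };

    private static readonly Regex DataUrlPattern = new Regex(
        @"^data:(?<mime>[a-zA-Z0-9.+-]+/[a-zA-Z0-9.+-]+);base64,(?<payload>[A-Za-z0-9+/=\s]+)$",
        RegexOptions.Compiled);

    // The pattern the advisory describes (illustration only): the substring
    // after '/' is used as the extension with no check, so any MIME subtype
    // the client supplies decides what file type lands on disk.
    public static string UnsafeExtensionFromMime(string mime)
    {
        return "." + mime.Substring(mime.IndexOf('/') + 1);
    }

    // Hardened: returns the allowlisted extension and the decoded bytes,
    // or null when the data URL is malformed or its type is not allowed.
    public static string ResolveExtension(string dataUrl, out byte[] content)
    {
        content = null;
        Match m = DataUrlPattern.Match(dataUrl ?? string.Empty);
        if (!m.Success) return null;

        string ext;
        if (!AllowedTypes.TryGetValue(m.Groups["mime"].Value, out ext)) return null;

        try { content = Convert.FromBase64String(m.Groups["payload"].Value); }
        catch (FormatException) { return null; }
        return ext;
    }

    // Writes the decoded content under a server-generated name so the
    // client influences neither the extension nor the path.
    public static string SaveToDisk(string dataUrl, string uploadDir)
    {
        byte[] content;
        string ext = ResolveExtension(dataUrl, out content);
        if (ext == null)
            throw new InvalidDataException("Rejected: unsupported or malformed data URL.");

        string fileName = Guid.NewGuid().ToString("N") + ext;
        File.WriteAllBytes(Path.Combine(uploadDir, fileName), content);
        return fileName;
    }

    public static void Main()
    {
        // Constructed samples: a 1x1 GIF, and a non-image type carrying the
        // base64 of the text "not an image".
        string okImage = "data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7";
        string badType = "data:image/aspx;base64,bm90IGFuIGltYWdl";

        byte[] bytes;
        // Allowlisted type: resolves to ".gif".
        Console.WriteLine(ResolveExtension(okImage, out bytes) ?? "rejected");
        // Not allowlisted: rejected regardless of what the payload decodes to.
        Console.WriteLine(ResolveExtension(badType, out bytes) ?? "rejected");
        // The unsafe pattern, by contrast, would happily yield ".aspx" here.
        Console.WriteLine(UnsafeExtensionFromMime("image/aspx"));
    }
}
```

The allowlist is the whole fix: with a lookup table, a MIME type that is not a known image type simply has no extension to map to, so the decision never depends on parsing or sanitising the attacker's string. Generating the file name server-side additionally removes any path or extension influence from the request.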

Preconditions

  • Auth: Attacker must have an authenticated session with the MiniBlog application (valid username/password)
  • Input: Attacker must be able to create or edit a blog post (authenticated user role)
  • Network: The application must be reachable over the network

Reproduction

1. Authenticate to the MiniBlog instance.
2. Create a new post and switch the editor to markup mode.
3. Insert an `

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
