BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/.
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41417.json", "cna_assigner": "mitre" }
{ "source": "REFERENCES" }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41417.json"