BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter.Referenceshttps://github.com/rxtur/BlogEngine.NET/commits/masterhttp://seclists.org/fulldisclosure/2019/Jun/44https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
