A vulnerability classified as critical was found in BlogEngine.NET up to 3.3.7. This vulnerability affects some unknown processing of the file syndication.axd of the component apml File Handler.
The manipulation with an unknown input leads to a privilege escalation vulnerability (XXE). The CWE definition for the vulnerability is CWE-611. As an impact it is known to affect confidentiality, integrity, and availability.
Researcher Daniel Martinez Adan says that BlogEngine 3.3 can be attacked with the External Entity Injection method.
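
A general CWE-611 mitigation for .NET XML handling, shown as an added example; it is not BlogEngine.NET's source code or its actual fix. The class name `SafeApml`, the helper `TryLoad` and both sample documents are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example: hardened parsing for an APML-style XML document (hypothetical helper).
static class SafeApml
{
    // Reject any DOCTYPE and never resolve external resources (CWE-611 mitigation).
    static readonly XmlReaderSettings Settings = new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit, // a DOCTYPE raises XmlException
        XmlResolver = null,                     // no external entity or schema fetches
        MaxCharactersFromEntities = 1024,       // defence in depth against expansion
        MaxCharactersInDocument = 1_000_000     // bound the input size
    };

    // Returns true with the parsed document, or false with the rejection reason.
    public static bool TryLoad(string xml, out XmlDocument doc, out string error)
    {
        doc = new XmlDocument { XmlResolver = null };
        error = null;
        try
        {
            using (var text = new StringReader(xml))
            using (var reader = XmlReader.Create(text, Settings))
                doc.Load(reader);
            return true;
        }
        catch (XmlException ex)
        {
            doc = null;
            error = ex.Message;
            return false;
        }
    }

    static void Main()
    {
        // Constructed sample inputs: one plain document, one carrying a DOCTYPE.
        string plain = "<APML version=\"0.6\"><Body><Profile name=\"Home\"/></Body></APML>";
        string withDtd = "<!DOCTYPE APML [<!ENTITY e \"x\">]><APML version=\"0.6\">&e;</APML>";

        foreach (var input in new[] { plain, withDtd })
        {
            bool ok = TryLoad(input, out var doc, out var error);
            Console.WriteLine(ok ? "accepted: " + doc.DocumentElement.Name : "rejected: " + error);
        }
    }
}
```

Because `DtdProcessing.Prohibit` rejects every document that contains a DOCTYPE, the second input fails even though its entity is internal; logging the rejection reason gives responders a record of DTD-bearing submissions.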