Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dotnetnuke dotnetnuke vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-19392
The forDNN.UsersExportImport module prior to 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data.
Fordnn Usersexportimport
9.8
CVSSv3
CVE-2018-9126
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote malicious users to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.
Zldnn Dnnarticle 11
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2015-2794
The installation wizard in DotNetNuke (DNN) prior to 7.4.1 allows remote malicious users to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
Dotnetnuke Dotnetnuke
1 EDB exploit
5 Github repositories
8.8
CVSSv3
CVE-2020-5187
DNN (formerly DotNetNuke) up to and including 9.4.4 allows Path Traversal (issue 2 of 2).
Dnnsoftware Dotnetnuke
8.8
CVSSv3
CVE-2017-9822
DNN (aka DotNetNuke) prior to 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
Dnnsoftware Dotnetnuke
13 Github repositories
7.5
CVSSv3
CVE-2021-40186
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the malicious user to exploit the target system to make network requests on their behalf, allowing a rang...
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2018-15811
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 uses a weak encryption algorithm to protect input parameters.
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2018-15812
DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2018-18325
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
Dnnsoftware Dotnetnuke
7.5
CVSSv3
CVE-2018-18326
DNN (aka DotNetNuke) 9.2 up to and including 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Dnnsoftware Dotnetnuke
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »