Published: 06/02/2017 Updated: 02/03/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 756

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The installation wizard in DotNetNuke (DNN) prior to 7.4.1 allows remote malicious users to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dotnetnuke dotnetnuke

# Exploit Title: DotNetNuke 070400 Administration Authentication Bypass # Date: 06-05-2016 # Exploit Author: Marios Nicolaides # Vendor Homepage: wwwdnnsoftwarecom/ # Software Link: dotnetnukecodeplexcom/releases/view/611324 # Version: 070400 # Tested on: Microsoft Windows 7 Professional (64-bit) # Contact: mariosnicolaides@ ...

Exploit Title: DotNetNuke Administration Authentication Bypass templates githubcom/projectdiscovery/nuclei-templates/blob/fcd3d55a60c8d8b61395e6056e83a6b08268cc11/http/cves/2015/CVE-2015-2794yaml Step 1: /Install/InstallWizardaspx?__VIEWSTATE= Step 2: Fill all infor Step 3: CLick continue if it don't work, just add &culture=en-US&executeinstall o

NSE plugin for Nmap that scans a DotNetNuke (DNN) web application for an Administration Authentication Bypass vulnerability (CVE-2015-2794, EDB-ID: 39777).

DNN_CVE-2015-2794 NSE plugin for Nmap that scans a DotNetNuke (DNN) web application for an Administration Authentication Bypass vulnerability (CVE-2015-2794, EDB-ID: 39777)

Exploit Title: DotNetNuke Administration Authentication Bypass templates githubcom/projectdiscovery/nuclei-templates/blob/fcd3d55a60c8d8b61395e6056e83a6b08268cc11/http/cves/2015/CVE-2015-2794yaml Step 1: /Install/InstallWizardaspx?__VIEWSTATE= Step 2: Fill all infor Step 3: CLick continue if it don't work, just add &culture=en-US&executeinstall o

CVE-2015-2794 auto finder

CVE-2015-2794-finder automatic script grab the CVE-2015-2794 How to use ? python exploitpy author Create by Wilson :)

Exploit Title: DotNetNuke Administration Authentication Bypass templates githubcom/projectdiscovery/nuclei-templates/blob/fcd3d55a60c8d8b61395e6056e83a6b08268cc11/http/cves/2015/CVE-2015-2794yaml Step 1: /Install/InstallWizardaspx?__VIEWSTATE= Step 2: Fill all infor Step 3: CLick continue if it don't work, just add &culture=en-US&executeinstall o

CWE-264 https://www.exploit-db.com/exploits/39777/https://dotnetnuke.codeplex.com/releases/view/615317 http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue http://www.dnnsoftware.com/community/security/security-center http://www.securityfocus.com/bid/96373 https://nvd.nist.gov https://www.exploit-db.com/exploits/39777/https://github.com/styx00/DNN_CVE-2015-2794

CVE-2015-2794

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect