Published: 03/07/2019 Updated: 03/03/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

DNN (aka DotNetNuke) 9.2 up to and including 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dnnsoftware dotnetnuke

Check Point Reference: CPAI-2018-2429 Date Published: 20 Jul 2023 Severity: High ...

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 500 through 930-RC Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML The expected structure includes a "type" attribute to instruct the server which type of object to create on deserialization The cookie ...

CWE-331 https://github.com/dnnsoftware/Dnn.Platform/releases https://www.dnnsoftware.com/community/security/security-center http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2018-2429.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-15812

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect