Published: 04/04/2018 Updated: 22/05/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote malicious users to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zldnn dnnarticle 11

############################## 01 ### Advisory Information ### Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnncom Discovered by: Esmaeil Rahimian Severity: Critical 02 ### Vulnerability Information ### OVE-ID: CVE-2018-9126 03 ### Introduction ### DNN Art ...

The DNNarticle module in DotNetNuke version 11 suffers from a directory traversal vulnerability ...

ISP from Mars - bug report Note: This is a totally imaginary internet service provider bug report anyt

CWE-200 http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html https://www.exploit-db.com/exploits/44414/https://nvd.nist.gov https://github.com/CyberPurge/ISP_FROM_MARS-bug_report https://www.exploit-db.com/exploits/44414/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-9126

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect