DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/dnnsoftware/Dnn.Platform/releases | Release Notes |
https://www.dnnsoftware.com/community/security/security-center | Vendor Advisory |
Configurations
History
03 Mar 2023, 20:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-07-03 17:15
Updated : 2023-12-10 12:59
NVD link : CVE-2018-15811
Mitre link : CVE-2018-15811
CVE.ORG link : CVE-2018-15811
JSON object : View
Products Affected
dnnsoftware
- dotnetnuke
CWE
CWE-326
Inadequate Encryption Strength