DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/dnnsoftware/Dnn.Platform/releases | Release Notes |
https://www.dnnsoftware.com/community/security/security-center | Vendor Advisory |
Configurations
History
03 Mar 2023, 20:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-07-03 17:15
Updated : 2023-12-10 12:59
NVD link : CVE-2018-18325
Mitre link : CVE-2018-18325
CVE.ORG link : CVE-2018-18325
JSON object : View
Products Affected
dnnsoftware
- dotnetnuke
CWE
CWE-326
Inadequate Encryption Strength