CVE-2015-2794
CRITICAL9.8EPSS 92.7%The installation wizard in DotNetNuke (DNN) allows privilege escalation
Published: 10/16/2018Modified: 12/2/2024
Description
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
Affected packages (1)
- NuGet/DotNetNuke.Corefrom 0, < 7.4.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (7)
- ADVISORYhttps://github.com/advisories/GHSA-x8f7-h444-97w4
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-2794
- WEBhttps://dotnetnuke.codeplex.com/releases/view/615317
- WEBhttps://www.exploit-db.com/exploits/39777
- WEBhttp://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue
- WEBhttp://www.dnnsoftware.com/community/security/security-center
- WEBhttp://www.securityfocus.com/bid/96373