DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution CVE-2017-9822

Severity
CVSSv3 Score: 8.8
Vulnerability description

DotNetNuke (DNN) versions 5.0.0 through 9.3.0 are affected by a cookie deserialization vulnerability that leads to remote code execution.

Risk description

A remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade DotNetNuke to a version higher than 9.3.0.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Jul 20, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available