CVE

GHSA-x2rg-fmcv-crq5

DNN (aka DotNetNuke) has Remote Code Execution via a cookie

CVE

GHSA-x2rg-fmcv-crq5

DNN (aka DotNetNuke) has Remote Code Execution via a cookie

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

8.8

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8

3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2017-9822, https://github.com/advisories/GHSA-x2rg-fmcv-crq5, http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html, http://www.dnnsoftware.com/community/security/security-center, http://www.securityfocus.com/bid/102213

Severity

8.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

8.8

EPSS Probability

0.94293%

EPSS Percentile

0.99937%

Introduced Version

0,6.0.0,7.2.0

Fix Available

9.1.1,9.1.1.129,9.1.0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-x2rg-fmcv-crq5