CyberSec.Space Logo
Back to CVE Browser

CVE-2018-18325

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score66.6310%
EPSS Percentile94.23th
PublishedJul 3, 2019
Last ModifiedNov 7, 2025

Vulnerability Description

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

Affected Platforms (CPE)

πŸ“¦
Dnnsoftware

Dotnetnuke

>= 9.2 and <= 9.2.2

References & Advisories

πŸ”— http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
πŸ”— https://github.com/dnnsoftware/Dnn.Platform/releases
πŸ”— https://www.dnnsoftware.com/community/security/security-center
πŸ”— http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
πŸ”— https://github.com/dnnsoftware/Dnn.Platform/releases
πŸ”— https://www.dnnsoftware.com/community/security/security-center
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325

Related Vulnerabilities

CVE-2006-360110.0

** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attack...

CVE-2015-27949.8

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser a...

CVE-2019-193929.8

The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new ...

CVE-2018-91269.8

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently disco...