CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-9822

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score40.7830%
EPSS Percentile98.71th
Published2017年7月20日
Last Modified2026年4月21日

Vulnerability Description

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

Affected Platforms (CPE)

📦
Dnnsoftware

Dotnetnuke

< 9.1.1

References & Advisories

🔗 http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
🔗 http://www.dnnsoftware.com/community/security/security-center
🔗 http://www.securityfocus.com/bid/102213
🔗 http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
🔗 http://www.dnnsoftware.com/community/security/security-center
🔗 http://www.securityfocus.com/bid/102213
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9822

関連する脆弱性情報

CVE-2006-360110.0

** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attack...

CVE-2015-27949.8

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser a...

CVE-2019-193929.8

The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new ...

CVE-2018-91269.8

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently disco...