CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-9126

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0100%
EPSS Percentile27.05th
Published2018年4月4日
Last Modified2024年11月21日

Vulnerability Description

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.

Affected Platforms (CPE)

📦
Zldnn

Dnnarticle

= 11

References & Advisories

🔗 http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html
🔗 https://www.exploit-db.com/exploits/44414/
🔗 http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html
🔗 https://www.exploit-db.com/exploits/44414/

関連する脆弱性情報

CVE-2013-51177.5

SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...