CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-2794

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile2.58th
Published2017年2月6日
Last Modified2026年5月13日

Vulnerability Description

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

Affected Platforms (CPE)

📦
Dnnsoftware

Dotnetnuke

<= 07.04.00

References & Advisories

🔗 http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue
🔗 http://www.dnnsoftware.com/community/security/security-center
🔗 http://www.securityfocus.com/bid/96373
🔗 https://dotnetnuke.codeplex.com/releases/view/615317
🔗 https://www.exploit-db.com/exploits/39777/
🔗 http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue
🔗 http://www.dnnsoftware.com/community/security/security-center
🔗 http://www.securityfocus.com/bid/96373

相關漏洞威脅

CVE-2006-360110.0

** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attack...

CVE-2018-91269.8

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently disco...

CVE-2019-193929.8

The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new ...

CVE-2020-51878.8

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).