The installation wizard in DotNetNuke (DNN) allows privilege escalation

GHSA-x8f7-h444-97w4 · CVE-2015-2794

Published Oct 16, 2018 · Modified Dec 2, 2024

Description

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-2794
WEB https://dotnetnuke.codeplex.com/releases/view/615317
ADVISORY https://github.com/advisories/GHSA-x8f7-h444-97w4
WEB https://www.exploit-db.com/exploits/39777
WEB http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue
WEB http://www.dnnsoftware.com/community/security/security-center
WEB http://www.securityfocus.com/bid/96373

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes