CRITICAL 10.0 NuGet
DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite
GHSA-3m8r-w7xg-jqvw · CVE-2025-64095
Published · Modified
Description
Summary
The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files.
Description
An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads.
Ready to move
Start Securing
Free, no credit card | First findings in minutes