Preise Enterprise

CVE-2018-15812

7.5HIGH

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

Veröffentlicht: 7/3/2019Aktualisiert: 11/21/2024

Auf NVD ansehen Auf MITRE ansehen

Beschreibung

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

KI-AnalyseKI-gestützt

Betroffene Produkte

dnnsoftwaredotnetnuke

Verfügbare Exploits (1)

remotewindowsVERIFIED

DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)

CVE-2018-18326CVE-2018-18325CVE-2018-15812+2 more

Metasploit4/16/2020

Referenzen

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
ExploitThird Party AdvisoryVDB Entry
https://github.com/dnnsoftware/Dnn.Platform/releases
Release Notes
https://www.dnnsoftware.com/community/security/security-center
Vendor Advisory
http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
ExploitThird Party AdvisoryVDB Entry
https://github.com/dnnsoftware/Dnn.Platform/releases
Release Notes
https://www.dnnsoftware.com/community/security/security-center
Vendor Advisory