EDB-48336
remotewindowsVERIFIED
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
CVE-2018-18326CVE-2018-18325CVE-2018-15812+2 more
Metasploit4/16/2020
CVE-2018-18326
7.5HIGHDNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15
Veröffentlicht: 7/3/2019Aktualisiert: 11/21/2024
Beschreibung
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
KI-AnalyseKI-gestützt
Betroffene Produkte
dnnsoftwaredotnetnuke
Verfügbare Exploits (1)
Referenzen
- http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/dnnsoftware/Dnn.Platform/releasesRelease Notes
- https://www.dnnsoftware.com/community/security/security-centerVendor Advisory
- http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/dnnsoftware/Dnn.Platform/releasesRelease Notes
- https://www.dnnsoftware.com/community/security/security-centerVendor Advisory