EDB-48336
remotewindowsVERIFIED
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
CVE-2018-18326CVE-2018-18325CVE-2018-15812+2 more
Metasploit4/16/2020
CVE-2018-15811
7.5HIGHDNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
Published: 7/3/2019Updated: 11/7/2025
CISA Known Exploited Vulnerability
DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.
Required Action:
Apply updates per vendor instructions.
Due Date:
2022-05-03
Description
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
AI AnalysisPowered by AI
Affected Products
dnnsoftwaredotnetnuke
Available Exploits (1)
References
- http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/dnnsoftware/Dnn.Platform/releasesRelease Notes
- https://www.dnnsoftware.com/community/security/security-centerVendor Advisory
- http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/dnnsoftware/Dnn.Platform/releasesRelease Notes
- https://www.dnnsoftware.com/community/security/security-centerVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15811US Government Resource