EDB-48336
remotewindowsVERIFIED
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
CVE-2018-18326CVE-2018-18325CVE-2018-15812+2 more
Metasploit4/16/2020
説明
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
AI分析AIによる分析
影響を受ける製品
dnnsoftwaredotnetnuke
利用可能なエクスプロイト (1)
参照
- http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/dnnsoftware/Dnn.Platform/releasesRelease Notes
- https://www.dnnsoftware.com/community/security/security-centerVendor Advisory
- http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://github.com/dnnsoftware/Dnn.Platform/releasesRelease Notes
- https://www.dnnsoftware.com/community/security/security-centerVendor Advisory