CVE-2015-2794 – dotnetnuke.core

Package

Manager: nuget
Name: dotnetnuke.core
Vulnerable Version: >=0 <7.4.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS: 0.92349 pctl0.99717

Details

The installation wizard in DotNetNuke (DNN) allows privilege escalation The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

Metadata

Created: 2018-10-16T19:33:42Z
Modified: 2022-04-26T18:57:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-x8f7-h444-97w4/GHSA-x8f7-h444-97w4.json
CWE IDs: []
Alternative ID: GHSA-x8f7-h444-97w4
Finding: F039
Auto approve: 1