漏洞描述
DNN(又名DotNetNuke)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。 DotNetNuke 9.1.1之前版本中存在输入验证错误漏洞。远程攻击者可利用该漏洞执行代码。
DotNetNuke 输入验证错误漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass
- POC CVE-2017-0929: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
- POC CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
- POC CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure
- POC CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure
- POC CVE-2018-15811: DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization
- POC CVE-2018-18325: DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
- DotNetNuke Install界面未授权访问(CVE-2015-2794)
- DotNetNuke DreamSlider /DownloadProvider.aspx 路径存在任意文件下载漏洞