漏洞描述
DotNetNuke(DNN)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。DNN 7.4.1之前的版本中的installationwizard存在安全漏洞。远程攻击者可通过向Install/InstallWizard.aspx文件发送直接请求利用该漏洞重新安装应用程序,并获取SuperUser访问权限
DotNetNuke Install界面未授权访问(CVE-2015-2794)
PoC代码
暂无相关漏洞推荐
- POC metabase-installer-exposure: Metabase Installer - Exposure
- wordpress-install: WordPress Exposed Installation
- POC CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass
- POC CVE-2017-0929: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
- POC CVE-2017-17736: Kentico - Installer Privilege Escalation
- POC CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
- POC CVE-2024-11972: Hunk Companion < 1.9.0 - Unauthenticated Plugin Installation
- POC CVE-2024-9707: Hunk Companion <= 1.8.4 - Arbitrary Plugin Installation
- POC CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure
- POC CVE-2018-0171: Cisco Smart Install - Configuration Download
- POC CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure
- POC azure-vm-endpoint-protection-missing: Azure VM Endpoint Protection Not Installed
- POC avideo-install: AVideo Installer - Detect