漏洞描述
DotNetNuke(DNN)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。DNN 7.4.1之前的版本中的installationwizard存在安全漏洞。远程攻击者可通过向Install/InstallWizard.aspx文件发送直接请求利用该漏洞重新安装应用程序,并获取SuperUser访问权限
DotNetNuke Install界面未授权访问(CVE-2015-2794)
PoC代码
暂无相关漏洞推荐
- POC CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass
- POC CVE-2017-0929: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
- POC CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
- POC CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure
- POC CVE-2025-52488: DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure
- POC CVE-2018-15811: DotNetNuke 9.2 - 9.2.1 - Weak Encryption & Cookie Deserialization
- POC CVE-2018-18325: DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization
- DotNetNuke DreamSlider /DownloadProvider.aspx 路径存在任意文件下载漏洞
- DotNetNuke 输入验证错误漏洞