xGHOSTSECx

United Nations Login Exploit

May 5th, 2021
Website With Affected Vulnerability
https://unsmin.dss.un.org/DependencyHandler.axd/a15b62fe0f6e8c6244e36d1ea5762da3/435/js

Description

According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 3.1.x prior to 9.6.0, 5.0.x prior to 9.6.0, 6.0.x prior to 9.6.0, or 7.0.x prior to 9.6.0. It is, therefore, affected by multiple vulnerabilities.

- Modules that were discarded to the recycle bin were still able to respond to API calls to their endpoints, which could result in data uploads and other interactions that would go unnoticed since the module was not visually displayed.
  Mitigating Factors: This only impacted modules that are using the WebAPI interface following the DNN Security protocols (which is a smaller subset of modules). Additionally, interactions are still bound by all other security rules, as if the module was placed on the page.
  Fix(es) for This Issue: An upgrade to DNN Platform version 9.5.0 or later is required.
  Affected Versions: DNN Platform Versions 6.0.0 through 9.4.4 (2020-01)

- A malicious user may be able to replace or update files with specific file extensions with content of their selection, without being authenticated to the website.
  Fix(es) for This Issue: To remediate this issue an upgrade to DNN Platform Version (9.5.0 or later) is required.
  Affected Versions: DNN Platform Versions 5.0.0 through 9.6.0
  Acknowledgements: The DNN Community thanks the following for identifying the issue and/or working with us to help protect Users: Robbert Bosker of DotControl Digital Creatives
  Related CVE: CVE-2019-19790 (2020-02)

#GhostSec
#EyePhuckBitches
#WhosYourDaddySec