Wednesday, September 29, 2021

Remote Code Execution (RCE) - dotnetnuke.core [,9.1.1)

Overview

DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform.

Affected versions of this package are vulnerable to Remote Code Execution (RCE). A malicious user can decode an identification cookie to possibly impersonate a user, and in some cases, upload malicious code to the server.

Note: The only vulnerable cookie that has been discovered so far is rarely used. DNN Advisory title: 2017-08 (Critical) Possible remote code execution on DNN sites

Remediation

Upgrade DotNetNuke.Core to version 9.1.1 or higher.

References

 

Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore