Vulnerability Details CVE-2013-5117
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/96306
- http://seclists.org/fulldisclosure/2013/Sep/9
- http://www.exploit-db.com/exploits/27602
- http://www.securityfocus.com/bid/61788
- http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx
- http://osvdb.org/96306
- http://seclists.org/fulldisclosure/2013/Sep/9
- http://www.exploit-db.com/exploits/27602
- http://www.securityfocus.com/bid/61788
- http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx
Products affected by CVE-2013-5117
-
cpe:2.3:a:zldnn:dnnarticle:*