CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-15811

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.761

EPSS Ranking 98.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

Proposed Action

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.

Ransomware Campaign

Unknown

References

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
https://github.com/dnnsoftware/Dnn.Platform/releases
https://www.dnnsoftware.com/community/security/security-center
http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
https://github.com/dnnsoftware/Dnn.Platform/releases
https://www.dnnsoftware.com/community/security/security-center

Products affected by CVE-2018-15811

Dnnsoftware » Dotnetnuke » Version: 9.2

cpe:2.3:a:dnnsoftware:dotnetnuke:9.2
Dnnsoftware » Dotnetnuke » Version: 9.2.0

cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.0
Dnnsoftware » Dotnetnuke » Version: 9.2.1

cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-15811

Products

Pricing

Contact Us