CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18325

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.761

EPSS Ranking 98.9%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

Proposed Action

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.

Ransomware Campaign

Unknown

References

Products affected by CVE-2018-18325

Dnnsoftware » Dotnetnuke » Version: 9.2

cpe:2.3:a:dnnsoftware:dotnetnuke:9.2
Dnnsoftware » Dotnetnuke » Version: 9.2.0

cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.0
Dnnsoftware » Dotnetnuke » Version: 9.2.1

cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.1
Dnnsoftware » Dotnetnuke » Version: 9.2.2

cpe:2.3:a:dnnsoftware:dotnetnuke:9.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-18325

Products

Pricing

Contact Us