CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-9126

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.837

EPSS Ranking 99.2%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 5.0

References

http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html
https://www.exploit-db.com/exploits/44414/
http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html
https://www.exploit-db.com/exploits/44414/

Products affected by CVE-2018-9126

Zldnn » Dnnarticle » Version: 11

cpe:2.3:a:zldnn:dnnarticle:11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-9126

Products

Pricing

Contact Us