exploitDog

CVE-2017-9822

Опубликовано: 20 июл. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Критический

Описание

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

Ссылки

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.dnnsoftware.com/community/security/security-center
Product
Vendor Advisory
http://www.securityfocus.com/bid/102213
Broken Link
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
http://www.dnnsoftware.com/community/security/security-center
Product
Vendor Advisory
http://www.securityfocus.com/bid/102213
Broken Link
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9822

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*

Версия до 9.1.1 (исключая)

EPSS

Процентиль: 100%

0.94293

Критический

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

CWE-94

Связанные уязвимости

GHSA-x2rg-fmcv-crq5

CVSS3: 8.8

github

больше 7 лет назад

DNN (aka DotNetNuke) has Remote Code Execution via a cookie

EPSS

Процентиль: 100%

0.94293

Критический

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

CWE-94