PT-2017-4164 · Dnn · Dnn

Publicado

2017-07-05

·

Atualizado

2025-02-12

·

CVE-2017-9822

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions DNN (aka DotNetNuke) versions prior to 9.1.1
Description The issue is related to insufficient protection of cookies, which can be exploited to gain unauthorized access to protected information and execute arbitrary code. This can be achieved remotely.
Recommendations For versions prior to 9.1.1, update to version 9.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive cookies to minimize the risk of exploitation.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-94

Identificadores relacionados

BDU:2021-05680
CVE-2017-9822
GHSA-X2RG-FMCV-CRQ5

Produtos afetados

Dnn