CVE-2015-2794

Name of the Vulnerable Software and Affected Versions DotNetNuke (DNN) versions prior to 7.4.1

Description The issue allows remote attackers to reinstall the application and gain SuperUser access. This is achieved via a direct request to "Install/InstallWizard.aspx", which is an API endpoint. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For versions prior to 7.4.1, update to version 7.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Install/InstallWizard.aspx" endpoint until the update is applied.