Dnn · Dnnarticle · CVE-2018-9126
**Name of the Vulnerable Software and Affected Versions**
DNNArticle module 11 for DNN
**Description**
The issue allows remote attackers to read the web.config file, which can lead to the discovery of database credentials. This is achieved via the "/GetCSS.ashx/?CP=%2fweb.config" API endpoint.
**Recommendations**
For DNNArticle module 11, consider restricting access to the `/GetCSS.ashx` API endpoint until a patch is available. As a temporary workaround, limit the information disclosed in the web.config file to minimize the risk of exploitation.