CVE-2020-5187

Name of the Vulnerable Software and Affected Versions DNN (formerly DotNetNuke) versions 9.4.4 and earlier

Description The issue allows Path Traversal via unsafe handling of zip files. This means that an attacker could potentially access files outside the intended directory structure by manipulating the zip file handling mechanism.

Recommendations For versions 9.4.4 and earlier, consider restricting access to zip file handling functionality until a patch is available. As a temporary workaround, avoid using the zip file handling feature in DNN (formerly DotNetNuke) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.