PT-2020-18291 · Dnn · Dnn

Published

2020-02-24

Updated

2022-05-24

CVE-2020-5188

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions DNN (formerly DotNetNuke) versions through 9.4.4

Description The issue concerns insecure permissions and a file upload vulnerability via bypassing client-side file extension checks.

Recommendations For versions through 9.4.4, update to a version that addresses the insecure permissions and file upload vulnerability issues. As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation. Avoid using the file upload feature until the issue is resolved.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-669

Related Identifiers

CVE-2020-5188

GHSA-VJCM-J85R-7P68

Affected Products

Dnn

PT-2020-18291 · Dnn · Dnn

CVE-2020-5188

Weakness Enumeration

Related Identifiers

Affected Products

References · 9