DotNetNuke CMS 9.4.4 Zip Directory Traversal

Date: 24 Feb 2020 00:00:00
Reported by: Sajjad Pourali
Type: packetstorm
Source: packetstormsecurity.com

DotNetNuke CMS 9.4.4 Zip Slip Directory Traversal CVE-2020-518

Related

Reporter | Title | Published | Family
CNVD | DNN Path Traversal Vulnerability | 25 Feb 2020 00:00 | cnvd
CNVD | DNN Code Issue Vulnerability | 25 Feb 2020 00:00 | cnvd
CVE | CVE-2020-5187 | 24 Feb 2020 14:22 | cve
CVE | CVE-2020-5188 | 24 Feb 2020 14:20 | cve
Cvelist | CVE-2020-5187 | 24 Feb 2020 14:22 | cvelist
Cvelist | CVE-2020-5188 | 24 Feb 2020 14:20 | cvelist
EUVD | EUVD-2022-2427 | 3 Oct 2025 20:07 | euvd
EUVD | EUVD-2022-5367 | 3 Oct 2025 20:07 | euvd
Github Security Blog | DNN Path Traversal via Zip Slip | 24 May 2022 17:09 | github
Github Security Blog | DNN File Upload Vulnerability | 24 May 2022 17:09 | github

`# Exploit Title: Zip Slip vulnerability  
# Date: 23 Feb 2020  
# Exploit Author: Sajjad Pourali  
# Vendor Homepage: http://dnnsoftware.com/  
# Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.4.4/DNN_Platform_9.4.4_Install.zip  
# Version: => 9.4.4  
# CVE : CVE-2020-5187  
# More Info: https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175  
  
In a nutshell, Zip Slip is a kind of “directory traversal” attack that exploits the lack of a check on directory names while extracting archives. Using this vulnerability, an attacker may overwrite files with specific extensions on the system and may execute malicious code.  
  
The zip file extraction function of the DNN file upload feature is vulnerable to Zip Slip until version 9.5 (9.5 is not vulnerable).  
  
An attacker could replace any file with one of the following extensions on the system:  
  
“jpg, jpeg, jpe, gif, bmp, png, svg, ttf, eot, woff, doc, docx, xls, xlsx, ppt, pptx, pdf, txt, xml, xsl, xsd, css, zip, rar, template, htmtemplate, ico, avi, mpg, mpeg, mp3, wmv, mov, wav, mp4, webm, ogv”  
  
Ideally, only a high-privileged user is allowed to upload zip files, but by using the extension bypass vulnerability (CVE-2020-5188), a normal user can exploit this vulnerability. For example, a normal-privileged user can replace CSS files on the web application and deface the website.  
`
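
One way to audit an uploaded archive for the traversal described above before anything is extracted (an added example, not code from the advisory or from DNN): it resolves each entry name with Windows path rules and reports entries that would land outside the extraction folder. The function names, the `C:\site\uploads` folder and the sample archive are assumptions constructed for illustration.

```python
import io
import ntpath  # evaluate names with Windows path rules on any host OS
import zipfile

# Extensions the advisory lists as replaceable (copied from the page).
ADVISORY_EXTS = set(
    "jpg jpeg jpe gif bmp png svg ttf eot woff doc docx xls xlsx ppt pptx pdf "
    "txt xml xsl xsd css zip rar template htmtemplate ico avi mpg mpeg mp3 wmv "
    "mov wav mp4 webm ogv".split()
)

def escaping_entries(zip_bytes, dest_dir):
    """Return [(entry_name, resolved_path, ext_in_advisory_list)] for entries
    whose resolved path falls outside dest_dir."""
    root = ntpath.normcase(ntpath.normpath(dest_dir))
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # join() lets a rooted or drive-qualified name replace dest_dir;
            # normpath() collapses ".." and unifies "/" and "\".
            resolved = ntpath.normpath(ntpath.join(dest_dir, info.filename))
            target = ntpath.normcase(resolved)
            # Compare with a trailing separator so "uploads_old" is not
            # mistaken for a child of "uploads".
            if target != root and not target.startswith(root + "\\"):
                ext = ntpath.splitext(resolved)[1].lstrip(".").lower()
                findings.append((info.filename, resolved, ext in ADVISORY_EXTS))
    return findings

def constructed_sample():
    """Build a small in-memory archive (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("images/logo.png", "docs/../readme.txt",
                     "../../Resources/skin.css", "..\\uploads_old\\a.txt",
                     "/abs.xml", "../notes.md"):
            zf.writestr(name, b"x")
    return buf.getvalue()

DEST = r"C:\site\uploads"  # assumed extraction folder, not a DNN path

if __name__ == "__main__":
    for name, resolved, listed in escaping_entries(constructed_sample(), DEST):
        print(f"REJECT {name!r} -> {resolved} (advisory extension: {listed})")
```

An extraction routine would refuse the whole archive when this list is non-empty; `docs/../readme.txt` is not reported because it still resolves inside the folder.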
