Code injection

2018-04-0419:29:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.965 High

EPSS

Percentile

99.6%

JSON

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.

CPENameOperatorVersion
dnnarticleeq11

CPE	Name	Operator	Version
	dnnarticle	eq	11

References

packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html

www.exploit-db.com/exploits/44414/