Lucene search
Veracode Vulnerability DatabaseVERACODE:22576HistoryFeb 25, 2020 - 11:03 a.m.
Insecure File Permission
2020-02-2511:03:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
52.2%
dnn.platform is vulnerable to insecure file permission. The vulnerability is possible because of missing whitelisted file extension check for permissible file types for normal user at server side, allowing a low privileged normal user to upload files with extensions which are allowed only for superuser only.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dnn.platform | le | 9.4.0 |
References
packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html
github.com/dnnsoftware/Dnn.Platform/releases
medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175
packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html
Related
osv
osv
DNN File Upload Vulnerability
2022-05-24 17:09:34
CVE-2020-5188
2020-02-24 15:15:11
github
github
DNN File Upload Vulnerability
2022-05-24 17:09:34
packetstorm
packetstorm
DotNetNuke CMS 9.5.0 File Extension Check Bypass
2020-02-24 00:00:00
DotNetNuke CMS 9.4.4 Zip Directory Traversal
2020-02-24 00:00:00
prion
prion
Design/Logic Flaw
2020-02-24 15:15:00
cve
cve
CVE-2020-5188
2020-02-24 15:15:11
cvelist
cvelist
CVE-2020-5188
2020-02-24 14:20:55
nvd
nvd
CVE-2020-5188
2020-02-24 15:15:11