dnn.platform is vulnerable to insecure file permission. The vulnerability is possible because of missing whitelisted file extension check for permissible file types for normal user at server side, allowing a low privileged normal user to upload files with extensions which are allowed only for superuser only.
CPE | Name | Operator | Version |
---|---|---|---|
dnn.platform | le | 9.4.0 |
packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html
github.com/dnnsoftware/Dnn.Platform/releases
medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175
packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html