Insecure Permissions in DNN Platform by DNN
CVE-2020-5188

6.5MEDIUM

Key Information:

Vendor

Dnnsoftware

Status
Dotnetnuke
Vendor
CVE Published:
24 February 2020

What is CVE-2020-5188?

The DNN Platform (formerly known as DotNetNuke) suffers from a vulnerability that allows attackers to exploit insecure permissions. Specifically, versions up to 9.4.4 are affected, which may enable unauthorized access to sensitive functionalities. This flaw poses a significant risk by potentially allowing attackers to bypass file extension checks, thereby compromising the integrity and security of the application. Users are advised to review their permissions settings and upgrade to patched versions to mitigate the risks associated with this vulnerability.

References

https://github.com/dnnsoftware/Dnn.Platform/releases
x_refsource_MISC
http://packetstormsecurity.com/files/156484/DotNetNuke-CM...
x_refsource_MISC
https://medium.com/%40SajjadPourali/dnn-dotnetnuke-cms-no...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.