Remote Code Execution (RCE) Affecting dotnetnuke.core Open this link in a new tab package, versions [,9.1.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
22 Sep 2021
16 Oct 2018
How to fix?
DotNetNuke.Core to version 9.1.1 or higher.
DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). A malicious user can decode an identification cookie to possibly impersonate a user, and in some cases, upload malicious code to the server.
Note: The only vulnerable cookie that has been discovered so far is rarely used.
DNN Advisory title:
2017-08 (Critical) Possible remote code execution on DNN sites