Privilege Escalation Affecting dotnetnuke.core Open this link in a new tab package, versions [,7.4.1)
Exploit Maturity
Proof of concept
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-DOTNET-DOTNETNUKECORE-60264
-
published
5 Aug 2018
-
disclosed
6 Feb 2017
-
credit
Unknown
Introduced: 6 Feb 2017
CVE-2015-2794 Open this link in a new tabOverview
dotnetnuke.core
is an open source web application framework.
Affected versions of this package are vulnerable to Privilege Escalation. An attacker could reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx
.
Remediation
Upgrade dotnetnuke.core
to version 7.4.1 or higher.