Privilege Escalation Affecting dotnetnuke.core package, versions [,7.4.1)
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
Exploit Maturity
Mature
EPSS
97.43% (100th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DOTNET-DOTNETNUKECORE-60264
- published 5 Aug 2018
- disclosed 6 Feb 2017
- credit Unknown
Introduced: 6 Feb 2017
CVE-2015-2794 Open this link in a new tabHow to fix?
Upgrade dotnetnuke.core
to version 7.4.1 or higher.
Overview
dotnetnuke.core
is an open source web application framework.
Affected versions of this package are vulnerable to Privilege Escalation. An attacker could reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx
.