Privilege Escalation Affecting dotnetnuke.core package, versions [,7.4.1)
Snyk CVSS
Exploit Maturity
Mature
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DOTNET-DOTNETNUKECORE-60264
- published 5 Aug 2018
- disclosed 6 Feb 2017
- credit Unknown
Introduced: 6 Feb 2017
CVE-2015-2794 Open this link in a new tabHow to fix?
Upgrade dotnetnuke.core to version 7.4.1 or higher.
Overview
dotnetnuke.core is an open source web application framework.
Affected versions of this package are vulnerable to Privilege Escalation. An attacker could reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.