Description

DNN (DotNetNuke) CMS is a .NET content management system.

DNN uses usafe deserialization for a DNNPersonalization cookie. Arbitrary object deserialization is inherently unsafe, and should never be performed on untrusted data. An attacker can leverage this vulnerability to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of DNN

References

Security Center

ysoserial.net

Related Vulnerabilities

Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-3814)

ATutor Improper Authentication Vulnerability (CVE-2014-9753)

Moment.js Uncontrolled Resource Consumption Vulnerability (CVE-2017-18214)

Magento Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2019-8113)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-40605)

Severity

High

Classification

CVE-2017-9822 CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization Acumonitor Known Vulnerabilities