Description

DNN (DotNetNuke) CMS is a .NET content management system.

DNN uses usafe deserialization for a DNNPersonalization cookie. Arbitrary object deserialization is inherently unsafe, and should never be performed on untrusted data. An attacker can leverage this vulnerability to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of DNN

References

Security Center

ysoserial.net

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-3394)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-26595)

Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-5145)

MongoDb Improper Input Validation Vulnerability (CVE-2018-25004)

Beego Framework Improper Certificate Validation Vulnerability (CVE-2024-40464)

Severity

High

Classification

CVE-2017-9822 CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization Acumonitor Known Vulnerabilities