Description
DNN (DotNetNuke) CMS is a .NET content management system.
DNN uses unsafe deserialization for the DNNPersonalization cookie. Arbitrary object deserialization is inherently unsafe and should never be performed on untrusted data. An attacker can leverage this vulnerability to execute arbitrary code on the system.
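A defender can look for this in request logs by checking which object types a DNNPersonalization cookie asks the server to instantiate. The following is an added example, not code from DNN or from the original page. It assumes the cookie value is URL-encoded XML whose elements name a .NET type in a `type` attribute, and the allowlist of simple types is illustrative.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

# Assumption: a personalization profile only needs simple value types.
ALLOWED_TYPES = {"System.String", "System.Int32", "System.Boolean"}
MAX_LEN = 8192  # hypothetical size cap; a profile cookie should be small
COOKIE_RE = re.compile(r"(?:^|;\s*)DNNPersonalization=([^;]*)")


def declared_types(cookie_value):
    """Return the type names declared in the cookie XML, or None if unusable."""
    xml_text = unquote(cookie_value)
    # Refuse oversized input and DTDs so the log parser itself stays safe.
    if len(xml_text) > MAX_LEN or "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    return [el.get("type") for el in root.iter() if el.get("type") is not None]


def inspect_cookie_header(header):
    """Classify a Cookie header: 'absent', 'ok', 'malformed' or 'suspicious'."""
    match = COOKIE_RE.search(header)
    if not match:
        return "absent"
    types = declared_types(match.group(1))
    if types is None:
        return "malformed"
    # Compare the type name only; the assembly part after the first comma is ignored.
    unexpected = [t for t in types if t.split(",")[0].strip() not in ALLOWED_TYPES]
    return "suspicious" if unexpected else "ok"


if __name__ == "__main__":
    # Constructed sample headers (not captured traffic).
    samples = [
        "lang=en; DNNPersonalization="
        + quote('<profile><item key="k" type="System.String">v</item></profile>'),
        "DNNPersonalization="
        + quote('<profile><item key="k" type="Example.Untrusted.Type, Example">v</item></profile>'),
        "session=abc",
    ]
    for header in samples:
        print(inspect_cookie_header(header), "<-", header[:60])
```

Treat `suspicious` and `malformed` results as leads for investigation. The check does not replace the upgrade.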
Remediation
Upgrade to the latest version of DNN
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10969)
SAML Consumer Service External Dereference SSRF
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950
IBM WebSphere RCE Java Deserialization Vulnerability
WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0)