DotNetNuke Remote Code Execution Vulnerability CVE-2017-9822

Abstract: DotNetNuke (DNN), also known as DNN Evoq and DNN Evoq Engage, is a web-based Content Management System (CMS) developed on the Microsoft® .NET framework. DNN is a web application commonly deployed on local or cloud Microsoft IIS servers. On July 7, 2017, security researchers revealed a vulnerability within DNN versions 5.2.0 through 9.1.0 that allows an attacker to forge valid DNN credentials and execute arbitrary commands on DNN web servers.

Date Published:

Last Reviewed: 08 January 2018

Identifier: IAA-U-OO-102315-18

Creator: Endpoint Vulnerability Solutions

Dissemination Control: N/A

Length: 2 page(s)

Format: pdf

Type: Advisory/Alert; IA Technical Advisory

Tags: Advisory; Microsoft; Web Applications; Vulnerability; Information Assurance Advisory - IAA; Security