漏洞类别:CGI
漏洞等级: 
漏洞信息
DNN (formerly DotNetNuke) is a web content management system based on Microsoft .NET.
DotNetNuke fails to impose sufficient security restrictions on the installation wizard as a result of which, an unauthenticated attacker can create a new host (administrator) account on the DNN platform. This gives the unauthenticated attacker, ability to access any content stored within the application, make changes to the website and potentially launch further attacks against the system.
Affected Versions:
DotNetNuke 07.04.00 and prior are vulnerable
漏洞危害
Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access to the targeted system.
解决方案
Customers are advised to install DotNetNuke 07.04.01 or later to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论