ID:391 - Exploit for Improper access control in DotNetNuke - CVE-2015-2794
Published: March 18, 2020
DotNetNuke
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to gain complete control over the vulnerable web application.
The vulnerability exists due to improper access control to the DotNetNuke installation script /Install/InstallWizard.aspx. A remote unauthenticated attacker can guess the SQL Server instance name and reinstall the DotNetNuke application.
Successful exploitation of the vulnerability will allow an attacker to gain complete access to the web application.
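Defenders can check web server logs for requests to the installation script named above. The following is an added example, not part of the original advisory: it assumes IIS W3C extended logs with a `#Fields:` header, and the sample log lines and function names are constructed for illustration.

```python
from urllib.parse import unquote

# Path named in the advisory, lower-cased because IIS matches paths case-insensitively.
WIZARD_PATH = "/install/installwizard.aspx"

# Constructed sample log (client addresses are from documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2020-03-18 10:00:01 198.51.100.7 GET /Default.aspx - 200
2020-03-18 10:00:05 203.0.113.9 GET /Install/InstallWizard.aspx - 200
2020-03-18 10:00:09 203.0.113.9 POST /install/installwizard.aspx - 200
2020-03-18 10:02:00 198.51.100.20 GET /Install/Install%57izard.aspx - 404
2020-03-18 10:03:00 198.51.100.7 GET /Install/InstallWizard.aspx.bak - 404
"""

def wizard_hits(log_text):
    """Split requests for the install wizard into (served, refused) rows."""
    fields, served, refused = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Decode and lower-case so encoded or mixed-case variants still match.
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        if stem != WIZARD_PATH:
            continue
        # 2xx means the wizard page was actually delivered to the client.
        target = served if row.get("sc-status", "").startswith("2") else refused
        target.append(row)
    return served, refused

def clients_served(log_text):
    """Map each client IP to the HTTP methods it used against a served wizard."""
    seen = {}
    for row in wizard_hits(log_text)[0]:
        seen.setdefault(row.get("c-ip", "?"), set()).add(row.get("cs-method", "?"))
    return seen

if __name__ == "__main__":
    for ip, methods in clients_served(SAMPLE_LOG).items():
        print(f"{ip} reached the install wizard via {sorted(methods)}")
```

Any served request from an address outside the administration network shows that the installation script is still reachable without authentication.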