Arbitrary file upload in DotNetNuke

#VU25723 Arbitrary file upload in DotNetNuke

Published: 2020-03-02 | Updated: 2021-10-20

Vulnerability identifier: #VU25723

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-5188

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DotNetNuke
Web applications / CMS

Vendor: DNN

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insecure permissions issue. A remote authenticated attacker can bypass the client-side validation and upload files with extensions which are allowed only for superuser only.

Mitigation
Install update from vendor's website.

Vulnerable software versions

DotNetNuke: 9.0.0 - 9.4.4

External links
http://packetstormsecurity.com/files/156484/DotNetNuke-CMS-9.5.0-File-Extension-Check-Bypass.html
http://github.com/dnnsoftware/Dnn.Platform/releases
http://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in DNN (DotNetNuke)