CVE-2018-18325
In short
DNN (DotNetNuke) versions 9.2 to 9.2.2 use weak encryption to protect input parameters, making it easier for attackers to decrypt and manipulate sensitive data sent between the application and users.
Technical detail
CWE-326 identifies inadequate encryption strength in parameter protection. Attackers can intercept and decrypt input parameters due to weak cryptographic algorithms, potentially leading to parameter manipulation and unauthorized access. This is a regression from an incomplete remediation of CVE-2018-15811.
Summary generated and translated by AI from the official description.
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference · packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/48336 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
https://github.com/dnnsoftware/Dnn.Platform/releases
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325
https://www.dnnsoftware.com/community/security/security-center