CVE-2017-9822

Summary

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

Affected Software

VendorProductVersion RangeStatus
DotNetNukeDotNetNuke CMS Fixed in 9.1.1DotNetNuke CMS Fixed in 9.1.1affected

Weaknesses

  • Remote Code Execution via untrusted deserialization of Xml data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References