Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DNN CMS Server-Side Request Forgery (SSRF)
Vulnerability Description
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
DNN 代码问题漏洞
Vulnerability Description
DNN(又名DotNetNuke)是美国DNN公司的一套由微软支持、基于ASP.NET平台的开源内容管理系统(CMS)。该系统具有易于安装、可扩展、功能丰富等特点。 DNN 9.10.0版本到9.10.2版本存在代码问题漏洞,该漏洞源于应用对图像上传组件中用户提供的输入的验证不足。远程攻击者可以发送特制的 HTTP 请求利用该漏洞访问位于本地网络中的敏感数据或从易受攻击的系统向其他服务器发送恶意请求。
CVSS Information
N/A
Vulnerability Type
N/A