Description
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Sajjad Pourali · textwebappsphp
https://www.exploit-db.com/exploits/27602
References (5)
Core 5
Core References
Exploit, Patch exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/27602
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96306
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Sep/9
Patch, Vendor Advisory x_refsource_confirm
http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61788
Scores
EPSS
0.0079
EPSS Percentile
73.9%
Details
CWE
CWE-89
Status
published
Products (1)
zldnn/dnnarticle
< 10.0
Published
Mar 12, 2014
Tracked Since
Feb 18, 2026