CVE-2015-2794

CRITICAL NUCLEI

DotNetNuke < 7.4.1 - Unauthenticated Application Reinstallation and Privilege Escalation via Install Wizard


Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-2794. PoCs published by Marios Nicolaides, wilsc0w, styx00. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a detailed writeup describing an authentication bypass vulnerability in DotNetNuke 07.04.00, where anonymous users can access the installation wizard to create a SuperUser account. The exploit involves manipulating the installation process via URL parameters and form submissions.

Description

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Marios Nicolaides · text · webapps · asp
https://www.exploit-db.com/exploits/39777

This is a detailed writeup describing an authentication bypass vulnerability in DotNetNuke 07.04.00, where anonymous users can access the installation wizard to create a SuperUser account. The exploit involves manipulating the installation process via URL parameters and form submissions.

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: DotNetNuke 07.04.00
No auth needed
Prerequisites: Access to the installation wizard URL · Knowledge of the SQL database configuration or ability to brute-force it
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by wilsc0w · poc
https://github.com/wilsc0w/CVE-2015-2794-finder

This repository contains a Python script that scans a list of websites for the presence of CVE-2015-2794, a vulnerability in DotNetNuke. The script checks if the target site responds with 'DotNetNuke Installation' when accessing a specific URL path.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: DotNetNuke
No auth needed
Prerequisites: List of target websites
devstral-2 · analyzed Feb 16, 2026

nomisec SCANNER
by styx00 · poc
https://github.com/styx00/DNN_CVE-2015-2794

This repository contains an NSE plugin for Nmap designed to scan DotNetNuke (DNN) web applications for an Administration Authentication Bypass vulnerability (CVE-2015-2794). The plugin automates the detection of the vulnerability without executing an exploit.

Classification: Scanner 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: DotNetNuke (DNN)
No auth needed
Prerequisites: Nmap with NSE support · Network access to the target DNN instance
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

DotNetNuke 07.04.00 - Administration Authentication Bypass
CRITICAL · VERIFIED · by 0xr2r
FOFA: app="DotNetNuke" || app="dotnetnuke"

References (5)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.dnnsoftware.com/community/security/security-center
Release Notes, Vendor Advisory x_refsource_confirm
https://dotnetnuke.codeplex.com/releases/view/615317
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39777/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96373

Scores

CVSS v3 9.8
EPSS 0.9270
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-264
Status: published
Products (3)
dnnsoftware/dotnetnuke < 07.04.00
dotnetnuke/dotnetnuke < 07.04.00
nuget/DotNetNuke.Core 0 - 7.4.1 (NuGet)
Published Feb 06, 2017
Tracked Since Feb 18, 2026