CVE-2017-0929

HIGH EXPLOITED NUCLEI

DNN <9.2.0 - SSRF

Title source: llm

Description

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.

Nuclei Templates (1)

DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery

HIGHby charanrayudu,meme-lord

FOFA: app="dotnetnuke"

References (1)

[Third Party Advisory] https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.9264

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2024-09-19

CWE

CWE-918

Status published

Products (2)

dnnsoftware/dotnetnuke < 9.2.0

nuget/DotNetNuke.Core 0 - 9.2.0NuGet

Published Jul 03, 2018

Tracked Since Feb 18, 2026