CVE-2018-15811

CVE-2018-15811 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 2 public exploits from researchers including Jon Park, Jon Seigel, including a Metasploit module exploits/windows/http/dnn_cookie_deserialization_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC by crafting a malicious DNNPersonalization cookie, leading to remote code execution. It supports multiple versions with varying encryption requirements and includes features for key/IV extraction and payload encryption.

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.