CVE-2018-18325

HIGH KEV NUCLEI

Dnnsoftware Dotnetnuke < 9.2.2 - Weak Encryption

Title source: rule

Exploitation Summary

CVE-2018-18325 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 2 public exploits from researchers including Jon Park, Jon Seigel, including a Metasploit module exploits/windows/http/dnn_cookie_deserialization_rce. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. It leverages the DNNPersonalization cookie to execute arbitrary code by manipulating the XML structure and type attribute during deserialization.

Description

DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.

Exploits (2)

metasploit WORKING POC EXCELLENT

by Jon Park, Jon Seigel · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. It leverages the DNNPersonalization cookie to execute arbitrary code by manipulating the XML structure and type attribute during deserialization.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC

No auth needed

Prerequisites: Target must be running a vulnerable version of DNN · DNN must be configured to handle 404 errors with its built-in error page

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 24, 2026 Full analysis →

exploitdb WORKING POC

rubyremotewindows

https://www.exploit-db.com/exploits/48336

View Code ZIP pw:eip

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. It leverages the DNNPersonalization cookie to execute arbitrary code by crafting a malicious serialized payload, targeting the ObjectStateFormatter deserialization process.

Classification

Working Poc 100%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC

No auth needed

Prerequisites: Target must be running a vulnerable version of DNN · DNN must be configured to handle 404 errors with its built-in error page

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization

HIGHVERIFIEDby pdteam

FOFA: app="dotnetnuke"

References (4)

Core 4

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-18325

Release Notes x_refsource_misc

https://github.com/dnnsoftware/Dnn.Platform/releases

Vendor Advisory x_refsource_misc

https://www.dnnsoftware.com/community/security/security-center

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

Scores

CVSS v3 7.5

EPSS 0.9292

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact partial

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-0595

CWE

CWE-326

Status published

Products (2)

dnnsoftware/dotnetnuke 9.2 - 9.2.2

nuget/DotNetNuke.Core 0 - 9.3.0NuGet

Published Jul 03, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026