CVE-2018-18326

HIGH

DNN 9.2-9.2.2 - Info Disclosure


Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-18326. PoCs were published by Metasploit, Jon Park and Jon Seigel, including the Metasploit module exploits/windows/http/dnn_cookie_deserialization_rce.

AI-analyzed exploit summary: This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC by crafting a malicious DNNPersonalization cookie, leading to remote code execution. The exploit leverages the ObjectStateFormatter deserialization process to execute arbitrary commands.

Description

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

Exploits (2)

exploitdb · Working PoC · Verified
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/48336

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC by crafting a malicious DNNPersonalization cookie, leading to remote code execution. The exploit leverages the ObjectStateFormatter deserialization process to execute arbitrary commands.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: DotNetNuke (DNN) 5.0.0 to 9.3.0-RC
Authentication: No auth needed
Prerequisites: Target must be running a vulnerable version of DNN · DNN must be configured to handle 404 errors with its built-in error page
Analyzed by devstral-2 · Feb 16, 2026
metasploit · Working PoC · Excellent
by Jon Park, Jon Seigel · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb

This Metasploit module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC by crafting a malicious DNNPersonalization cookie, leading to remote code execution. It supports multiple target versions and includes encryption handling for newer DNN releases.

Classification: Working PoC 100%
Attack Type: Deserialization
Complexity: Complex
Reliability: Reliable
Target: DotNetNuke (DNN) 5.0.0 to 9.3.0-RC
Authentication: Auth required
Prerequisites: Target DNN version · Encryption key/IV or verification code for newer versions · Session token for versions 9.2.0+
Analyzed by devstral-2 · Apr 24, 2026

References (3)


Scores

CVSS v3: 7.5
EPSS: 0.7583
EPSS Percentile: 98.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-331
Status: published
Products (2):
dnnsoftware/dotnetnuke 9.2 - 9.2.2
nuget/DotNetNuke.Core 0 - 9.3.0 (NuGet)
Published: Jul 03, 2019
Tracked Since: Feb 18, 2026