EIP-2026-100647

PRE-CVE

DotNetNuke 9.5 - File Upload Restrictions Bypass

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100647. PoCs published by Sajjad Pourali.

AI-analyzed exploit summary This exploit demonstrates a file upload restriction bypass in DotNetNuke (DNN) 9.5 by leveraging client-side validation flaws. A normal user can bypass the whitelist by modifying the file upload parameters via browser console or proxy tools to upload files with extensions restricted to superusers.

Description

DotNetNuke 9.5 - File Upload Restrictions Bypass

Exploits (1)

exploitdb WORKING POC
by Sajjad Pourali · textwebappsaspx
https://www.exploit-db.com/exploits/48125

This exploit demonstrates a file upload restriction bypass in DotNetNuke (DNN) 9.5 by leveraging client-side validation flaws. A normal user can bypass the whitelist by modifying the file upload parameters via browser console or proxy tools to upload files with extensions restricted to superusers.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: DotNetNuke (DNN) <= 9.5
Auth required
Prerequisites: Access to a normal user account in DNN · Browser console or proxy tool (e.g., Burp, ZAP)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026