cbcvebase.
CVE-2015-2794
published 2017-02-06

CVE-2015-2794: The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to…

PriorityP181critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
74.55%
99.4th percentile
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

Affected

1 ranges
VendorProductVersion rangeFixed in
dnnsoftwaredotnetnuke<= 07.04.00

Detection & IOCsextracted from sources · hover to see the quote

path/Install/InstallWizard.aspx
url{{BaseURL}}/Install/InstallWizard.aspx?__VIEWSTATE
urlhttp://www.example.com/Install/InstallWizard.aspx?__VIEWSTATE=&culture=en-US&executeinstall
urlhttp://www.example.com/Install/InstallWizard.aspx?__VIEWSTATE=
  • HTTP GET request to /Install/InstallWizard.aspx with __VIEWSTATE parameter indicates exploitation attempt; response body containing both 'Administrative Information' and 'Database Information' confirms the wizard is accessible to unauthenticated users.
  • Exploitation with default DNN SQL configuration creates a SuperUser account with username 'host' and password 'dnnhost' via the executeinstall query parameter.
  • Monitor for unauthenticated GET/POST requests to /Install/InstallWizard.aspx on DotNetNuke installations; the presence of query parameters __VIEWSTATE= and/or executeinstall is a strong indicator of exploitation.
  • FOFA/Shodan fingerprint queries 'app="DotNetNuke"' can be used to identify exposed DNN instances for proactive scanning.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.