CVE-2018-9126
Published 2018-04-04
Priority P2 · 71 · Critical 9.8 (CVSS 3.0)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 50.24% (98.8th percentile)
The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zldnn | dnnarticle | — | — |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests targeting GetCSS.ashx with a 'CP' parameter containing path traversal sequences (e.g., %2f or /) pointing to web.config or other sensitive files.
- Alert on requests to desktopmodules/DNNArticle/GetCSS.ashx with query parameters referencing web.config, which may indicate attempted credential harvesting via directory traversal.
- The exploit URL includes 'smid' and 'portalid' parameters that may vary per installation; detection rules should focus on the CP parameter containing web.config rather than exact smid/portalid values.
- Successful exploitation exposes database credentials stored in web.config; any confirmed hit should trigger immediate credential rotation for the affected DNN database.
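As an added defender-side illustration of the detection guidance above (this is not code from the page's sources or from the DNNArticle project), the following Python scans access-log lines for GetCSS.ashx requests whose CP parameter, after bounded percent-decoding, is a traversal value or names web.config, ignoring smid/portalid as the notes recommend. The log lines are constructed samples, and the log format is assumed to be Apache/IIS combined style.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined-format access log: client IP first, request line in quotes.
REQ_RE = re.compile(r'^(\S+) .*?"(\S+) (\S+) [^"]*"')
HANDLER_RE = re.compile(r"/GetCSS\.ashx(/|$)", re.IGNORECASE)
SENSITIVE_RE = re.compile(r"web\.config", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Bounded repeated percent-decoding (so %252f is seen as /), backslash -> /."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def classify_target(target):
    """(decoded CP, severity) for a suspicious GetCSS.ashx request, else None."""
    url = urlsplit(target)
    if not HANDLER_RE.search(unquote(url.path)):
        return None
    # Only CP is inspected; smid/portalid vary per installation and are ignored.
    for key, values in parse_qs(url.query, keep_blank_values=True).items():
        if key.lower() != "cp":
            continue
        for cp in map(decode_fully, values):
            if SENSITIVE_RE.search(cp):
                return cp, "high"    # web.config read: rotate DB credentials now
            if cp.startswith("/") or ".." in cp:
                return cp, "medium"  # traversal aimed at some other file
    return None

def scan_log(lines):
    """Return (client_ip, decoded_cp, severity) for every suspicious log line."""
    findings = []
    for line in lines:
        m = REQ_RE.match(line)
        if m:
            client_ip, _method, target = m.groups()
            hit = classify_target(target)
            if hit:
                findings.append((client_ip, hit[0], hit[1]))
    return findings

SAMPLE_LOG = [  # constructed sample lines (not real traffic); RFC 5737 addresses
    '203.0.113.5 - - [04/Apr/2018:10:00:01 +0000] "GET /desktopmodules/DNNArticle/GetCSS.ashx/?CP=%2fweb.config&smid=123&portalid=0 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [04/Apr/2018:10:00:02 +0000] "GET /desktopmodules/DNNArticle/GetCSS.ashx?CP=styles%2farticle.css HTTP/1.1" 200 512',
    '203.0.113.5 - - [04/Apr/2018:10:00:03 +0000] "GET /desktopmodules/DNNArticle/GetCSS.ashx?cp=..%252f..%252fweb.config HTTP/1.1" 200 2048',
    '192.0.2.9 - - [04/Apr/2018:10:00:04 +0000] "GET /desktopmodules/DNNArticle/GetCSS.ashx?CP=..%2fnotes.txt HTTP/1.1" 404 300',
]
```

Call `scan_log(SAMPLE_LOG)` to get the flagged entries; the benign stylesheet request in the second line is not reported.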
CVSS provenance
- NVD, CVSS v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
No detection rules found.
No writeups or analysis indexed.