Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 - Vulnerability Database

DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822

Description

DNN (DotNetNuke) CMS is a .NET content management system.

DNN uses usafe deserialization for a DNNPersonalization cookie. Arbitrary object deserialization is inherently unsafe, and should never be performed on untrusted data. An attacker can leverage this vulnerability to execute arbitrary code on the system.

Remediation

Upgrade to the latest version of DNN

References

Security Center
ysoserial.net

Related Vulnerabilities

ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) Critical
Common tags: Insecure Deserialization Acumonitor Known Vulnerabilities
Deserialization of Untrusted Data (XStream) High
Common tags: Insecure Deserialization Acumonitor Known Vulnerabilities
Ruby on Rails DoubleTap RCE (CVE-2019-5420) High
Common tags: Insecure Deserialization Acumonitor Known Vulnerabilities
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson High
Common tags: Insecure Deserialization Acumonitor Known Vulnerabilities
SAP Hybris Deserialization RCE High
Common tags: Insecure Deserialization Acumonitor Known Vulnerabilities

Severity

High

Classification

CVE-2017-9822
CWE-502
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Deserialization
Acumonitor
Known Vulnerabilities