PatchSiren

Dnnsoftware CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Dnnsoftware CVE published 2017-02-06

CVE-2015-2794

CVE-2015-2794 is a critical DotNetNuke (DNN) vulnerability affecting versions before 7.4.1. A remote attacker can send a direct request to the installation wizard and potentially force a reinstall of the application, which can result in SuperUser-level access.