Summary
This host has DotNetNuke DNNArticle installed and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application
Solution
Upgrade to version 10.1 or later.
For updates, refer to http://www.zldnn.com
Insight
Input passed via the 'categoryid' GET parameter to 'desktopmodules/dnnarticle/dnnarticlerss.aspx' (when 'moduleid' is set) is not properly sanitized before being used in a SQL query.
Affected
DotNetNuke DNNArticle module versions 10.0 and prior
Detection
Send a crafted HTTP GET request and check whether the response discloses the SQL server version.
Severity
Classification
- CVE: CVE-2013-5117
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P