The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDnnsoftware Dotnetnuke
APPDnnsoftware≤ 07.04.00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2026-24838CRITICAL9.1PL ✓ten sam produkt
DNN/DotNetNuke: XSS w tytule modułu umożliwia wykonanie skryptów
CVE-2025-64095CRITICAL10.0PL ✓ten sam produkt
DNN/DotNetNuke: nieuwierzytelnione przesyłanie i nadpisywanie plików (RCE/XSS)
CVE-2025-59545CRITICAL9.0PL ✓ten sam produkt
XSS w module Prompt platformy DNN (DotNetNuke) — wykonanie skryptu
CVE-2018-18325HIGH7.5⚠ KEVten sam produkt
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: thi...
CVE-2018-15811HIGH7.5⚠ KEVten sam produkt
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.