CVE-2020-11585

Published: Apr 6, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://neff.blog/2020/04/04/dotnetnuke-9-5-file-path-information-disclosure/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11585

Description

Affected Products

References