DNN
cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*
- < 9.13.2
A vulnerability exists in DNN (DotNetNuke) versions prior to 9.13.2, where the file upload mechanism only verifies file extensions against allowed types without inspecting the actual file contents. This oversight enables the upload of executable files disguised as images, such as .jpg files. Such a file could potentially be executed by exploiting another security vulnerability. This issue is relatively minor unless combined with other vulnerabilities.
Exploitation of this vulnerability could lead to the execution of unauthorized executable files, potentially allowing malicious actions to be performed on the server.
To reproduce this vulnerability, take a file of an executable type, such as an .exe, rename it with a permitted image extension like .jpg, and upload it. The upload is accepted without content verification. Once uploaded, the executable could be run by exploiting another vulnerability that allows execution of uploaded files.
Users can update to DNN version 9.13.2 or later, where this vulnerability has been fixed.
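The missing control described above, comparing a file's leading bytes with the type its extension claims, can be sketched as follows. This is an added example, not DNN's code or its fix; the signature tables, the `check_upload` function and the sample files are assumptions constructed for illustration.

```python
import os

# Leading "magic" bytes for the image types checked here (not DNN's allow-list).
IMAGE_SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".bmp": [b"BM"],
}
# Signatures of executable formats that should never sit behind an image name.
EXECUTABLE_SIGNATURES = {
    b"MZ": "Windows PE/DOS executable",
    b"\x7fELF": "ELF executable",
}


def check_upload(filename: str, head: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a file name and the file's first bytes."""
    ext = os.path.splitext(filename)[1].lower()
    # Step 1: the extension allow-list (the only check the advisory describes).
    if ext not in IMAGE_SIGNATURES:
        return False, f"extension {ext or '(none)'} is not an allowed image type"
    # Step 2: reject known executable headers, with a specific reason for logs.
    for magic, label in EXECUTABLE_SIGNATURES.items():
        if head.startswith(magic):
            return False, f"content is a {label}, not {ext}"
    # Step 3: the content must start with a signature of the claimed type.
    if not any(head.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return False, f"content does not match the {ext} signature"
    return True, "extension and content agree"


# Constructed samples: (file name, first bytes of the file).
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
PE_HEAD = b"MZ\x90\x00\x03\x00\x00\x00"
SAMPLES = [
    ("photo.jpg", JPEG_HEAD),    # genuine JPEG
    ("invoice.jpg", PE_HEAD),    # executable renamed to .jpg
    ("logo.png", JPEG_HEAD),     # real image, wrong extension
    ("tool.exe", PE_HEAD),       # blocked by the extension check alone
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        ok, reason = check_upload(name, head)
        print(f"{'ACCEPT' if ok else 'REJECT'} {name}: {reason}")
```

A signature match is a minimum check, since a file can begin with valid image bytes and still carry other content. Decoding and re-encoding the image on the server, and storing uploads where nothing can execute them, are stronger complements.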