Primary

Context

DNN Portal File Enumeration Vulnerability Allowing Unauthorized Access to Sensitive Files

Vulnerability

Patched

A vulnerability exists in DNN (formerly DotNetNuke) versions prior to 9.13.8, allowing registered users to craft requests that enumerate or access portal files they should not be able to. This issue could lead to the unauthorized disclosure of sensitive files or proprietary data stored within the application's portal files.

Impact

Exploitation of this vulnerability could result in the unauthorized access and disclosure of sensitive files or confidential information stored within the application's portal files.

Remediation

Users can upgrade to DNN version 9.13.8 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DNN Portal File Enumeration Vulnerability Allowing Unauthorized Access to Sensitive Files

Vulnerability

Impact

Remediation

Affected Products

DNN

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating