DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.
https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3
https://thehackernews.com/2025/03/over-400-ips-exploiting-multiple-ssrf.html
https://www.greynoise.io/blog/new-ssrf-exploitation-surge
Source: Mitre, NVD
Published: 2018-07-03
Updated: 2026-06-17
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Severity: Medium
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: High
EPSS: 0.12543