DotNetNuke < 10.1.1 Unrestricted File Upload

Critical, Web App Scanning, Plugin ID 115031

Synopsis

DotNetNuke < 10.1.1 Unrestricted File Upload

Description

DotNetNuke CMS versions prior to 10.1.1 are affected by an unrestricted file upload vulnerability caused by improper validation of uploaded files in the default HTML editor provider. The flaw allows unauthenticated users to upload files without proper restrictions, which can result in existing files on the server being overwritten.

An attacker could exploit this vulnerability by uploading malicious files, which could lead to website defacement or, when combined with other vulnerabilities, the execution of cross-site scripting (XSS) payloads.

Solution

Upgrade to DNN Platform 10.1.1 or later.

See Also

https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw

https://www.dnnsoftware.com/community/security/security-center

Plugin Details

Severity: Critical

ID: 115031

Type: remote

Published: 11/10/2025

Updated: 11/10/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-64095

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2025-64095

Vulnerability Information

CPE: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/27/2025

Vulnerability Publication Date: 10/27/2025

Reference Information

CVE: CVE-2025-64095