
We found results for “”
CVE-2025-32035
Good to know:

Date: April 8, 2025
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.
Severity Score
Related Resources (4)
Severity Score
Weakness Type (CWE)
Insufficient Type Distinction
CWE-351Top Fix

Upgrade Version
Upgrade to version DotNetNuke.Core - 9.13.2;https://github.com/dnnsoftware/Dnn.Platform.git - v9.13.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |