CVE-2015-2794: Insecure Default Initialization of Resource

February 6, 2017 (updated March 2, 2017)

The installation wizard in DotNetNuke (DNN) allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

References

nvd.nist.gov/vuln/detail/CVE-2015-2794

Detect and mitigate CVE-2015-2794 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →