CVE-2021-40186

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

Published: Jun 2, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-40186
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
dnnsoftware / dotnetnuke	-	9.10.2.x

https://appcheck-ng.com/dnn-cms-server-side-request-forgery-cve-2021-40186

Vulnerability Database

CVE-2021-40186

Deep Security Visibility Without the Complexity