Critical severity9.8NVD Advisory· Published Feb 6, 2017· Updated May 13, 2026
CVE-2015-2794
CVE-2015-2794
Description
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DotNetNuke.CoreNuGet | < 7.4.1 | 7.4.1 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.dnnsoftware.com/community/security/security-centernvdPatchVendor AdvisoryWEB
- www.exploit-db.com/exploits/39777/nvdExploitThird Party AdvisoryVDB Entry
- www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issuenvdMitigationVendor AdvisoryWEB
- dotnetnuke.codeplex.com/releases/view/615317nvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-x8f7-h444-97w4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-2794ghsaADVISORY
- www.securityfocus.com/bid/96373nvdWEB
- www.exploit-db.com/exploits/39777ghsaWEB
News mentions
0No linked articles in our index yet.