CVE-2020-5187
Description
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
DNN (DotNetNuke) through 9.4.4 allows path traversal, enabling unauthorized file access.
Vulnerability
Description
CVE-2020-5187 is a path traversal vulnerability in DNN (formerly DotNetNuke) affecting versions through 9.4.4. The vulnerability arises from insufficient input validation when handling file paths, allowing an attacker to traverse outside the intended directory. This is the second of two path traversal issues reported for this platform [1].
Exploitation
An attacker can exploit this vulnerability by sending specially crafted requests containing directory traversal sequences (e.g., ../) to vulnerable endpoints. No authentication is required, making the attack surface broad. The flaw can be triggered remotely over the network without special privileges [3].
Impact
Successful exploitation allows an attacker to read arbitrary files on the server, potentially exposing sensitive configuration files, user data, or application source code. This can lead to further compromise of the system or data breaches.
Mitigation
The vendor has addressed this issue in later releases. Administrators should upgrade to a version beyond 9.4.4. As of the latest release, DNN 10.3.2 includes fixes for this and other vulnerabilities [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DotNetNuke.CoreNuGet | < 9.5.0 | 9.5.0 |
Affected products
2- DNN/DNNdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-4qf5-7xc2-wqpgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-5187ghsaADVISORY
- packetstormsecurity.com/files/156489/DotNetNuke-CMS-9.4.4-Zip-Directory-Traversal.htmlghsax_refsource_MISCWEB
- medium.com/%40SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175mitrex_refsource_MISC
- medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-secure-as-you-think-e8516f789175ghsaWEB
News mentions
0No linked articles in our index yet.