Relative Path Traversal in dnnsoftware/dnn.platform
Description
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Relative path traversal in DNN Platform prior to 9.11.0 allows authenticated attackers to read arbitrary files via crafted log file names.
Vulnerability
Description
CVE-2022-2922 is a relative path traversal vulnerability in the DNN Platform (formerly DotNetNuke) affecting versions prior to 9.11.0. The flaw resides in the log file retrieval functionality, specifically in the GetLogFile and GetUpgradeLogFile methods of the LogController service. The application directly concatenates user-supplied file names with a base directory path using Path.Combine, without sanitizing path traversal sequences ([1]). This allows an attacker to escape the intended logs directory.
Exploitation
An authenticated attacker with access to the log viewing functionality can craft a request with a filename parameter containing traversal strings such as ../. For example, requesting a file named ../../../web.config makes Path.Combine produce a path that, once opened, resolves outside the logs folder. The attacker does not require elevated privileges beyond the ability to access the log viewer, which is available to site administrators ([3], [4]).
Impact
Successful exploitation enables an attacker to read arbitrary files on the server's file system within the web application's context. This could expose sensitive information including configuration files containing database connection strings, cryptographic keys, or other secrets, potentially leading to further compromise.
Mitigation
The vulnerability has been patched in DNN Platform version 9.11.0. The fix sanitizes the file name input by calling Path.GetFileName before combining it with the base path, effectively removing any directory traversal components ([3], [4]). Users are strongly advised to upgrade to the latest version or apply the commit manually if running an older release.
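The vulnerable join and the 9.11.0 fix side by side, as an added illustration that is not code from dnn.platform: .NET's Path.Combine and Path.GetFileName are mimicked with Python's PureWindowsPath so it runs on any OS, the application root and log names are constructed, and is_within_logs() is an extra containment check that the patch itself does not add.

```python
"""Added illustration of CVE-2022-2922 (not code from dnn.platform).

Mimics .NET's Path.Combine / Path.GetFileName with PureWindowsPath so it runs
on any OS. The application root, log names and is_within_logs() check are
constructed for this example; the 9.11.0 patch adds only the GetFileName call.
"""
from pathlib import PureWindowsPath

# Constructed stand-in for Globals.ApplicationMapPath + @"portals\_default\logs"
APP_ROOT = PureWindowsPath(r"C:\inetpub\dnn")
LOGS_DIR = APP_ROOT / "portals" / "_default" / "logs"


def collapse(path: PureWindowsPath) -> PureWindowsPath:
    """Lexically resolve '.' and '..' the way the file system will on open."""
    parts = path.parts[1:] if path.anchor else path.parts
    kept: list[str] = []
    for part in parts:
        if part == "..":
            if kept:
                kept.pop()
        elif part != ".":
            kept.append(part)
    return PureWindowsPath(path.anchor, *kept)


def combine(base: PureWindowsPath, name: str) -> PureWindowsPath:
    """Path.Combine semantics: a rooted second argument replaces the base."""
    candidate = PureWindowsPath(name)
    return candidate if candidate.anchor else base / candidate


def vulnerable_log_path(file_name: str) -> str:
    """Pre-9.11.0 GetLogFile: the raw name is combined, so '..' survives."""
    return str(collapse(combine(LOGS_DIR, file_name)))


def fixed_log_path(file_name: str) -> str:
    """9.11.0 fix: Path.GetFileName keeps only the last path segment."""
    cleaned = PureWindowsPath(file_name).name  # mirrors Path.GetFileName
    return str(collapse(combine(LOGS_DIR, cleaned)))


def is_within_logs(path: str) -> bool:
    """Defence-in-depth check the patch does not add: the collapsed path must
    be a descendant of LOGS_DIR, which also rejects '.' and '..' (GetFileName
    passes those through unchanged)."""
    return LOGS_DIR in collapse(PureWindowsPath(path)).parents
```

Running vulnerable_log_path("../../../web.config") yields the application's own web.config location, while fixed_log_path on the same input stays inside the logs directory.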
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| DotNetNuke.CoreNuGet | < 9.11.0 | 9.11.0 |
| DotNetNuke.WebNuGet | < 9.11.0 | 9.11.0 |
Affected products
- ghsa-coords (2 versions):
  - (no CPE) range: < 9.11.0
  - (no CPE) range: < 9.11.0
- dnnsoftware/dnn.platform (v5) range: unspecified
Patches
9b17351592fb Restrict log viewing to files only
1 file changed · +5 −3
Dnn.AdminExperience/Dnn.PersonaBar.Extensions/Services/ServerSettingsLogsController.cs+5 −3 modified@@ -1,4 +1,4 @@ -// Licensed to the .NET Foundation under one or more agreements. +// Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information @@ -52,7 +52,8 @@ public HttpResponseMessage GetLogFile(string fileName) { try { - var logFilePath = Path.Combine(Globals.ApplicationMapPath, @"portals\_default\logs", fileName); + var cleanedFileName = Path.GetFileName(fileName); + var logFilePath = Path.Combine(Globals.ApplicationMapPath, @"portals\_default\logs", cleanedFileName); return this.CreateLogFileResponse(logFilePath); } catch (ArgumentException exc) @@ -72,7 +73,8 @@ public HttpResponseMessage GetUpgradeLogFile(string logName) try { var providerPath = DataProvider.Instance().GetProviderPath(); - var logFilePath = Path.Combine(providerPath, logName); + var cleanedLogName = Path.GetFileName(logName); + var logFilePath = Path.Combine(providerPath, cleanedLogName); return this.CreateLogFileResponse(logFilePath); } catch (ArgumentException exc)
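Review bot: the first hunk (@@ -1,4 +1,4 @@) removes and re-adds the license comment with identical visible text, which usually means a BOM or line-ending change on line 1; it is unrelated to the path-traversal fix and is better left out so the security patch stays minimal and easy to backport.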
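Review bot: in the GetLogFile hunk the sanitized `cleanedFileName` is combined and handed straight to `CreateLogFileResponse` with no check that the resulting `logFilePath` still lies under `portals\_default\logs`; `Path.GetFileName` returns "." and ".." unchanged and returns an empty string for a name ending in a separator, so consider rejecting those values (e.g. `string.IsNullOrEmpty(cleanedFileName) || cleanedFileName == "." || cleanedFileName == ".."`) and verifying the final path's prefix before reading. A one-line comment saying why GetFileName is applied would also help future readers.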
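Review bot: the GetUpgradeLogFile hunk duplicates the same two-line sanitize-and-combine sequence as GetLogFile; factor it into one private helper that takes the base directory and raw name, applies `Path.GetFileName`, combines, and rejects empty, "." and ".." results, so the two entry points cannot drift apart, and apply the same final containment check against `providerPath`.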
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- [1] github.com/advisories/GHSA-9w72-2f23-57gm (GHSA, advisory)
- [2] nvd.nist.gov/vuln/detail/CVE-2022-2922 (GHSA, advisory)
- [3] github.com/dnnsoftware/Dnn.Platform/commit/3697c5344cef8d49214230f0cc2efcd9e93a00a8 (GHSA, web)
- [4] github.com/dnnsoftware/dnn.platform/commit/9b17351592fbde376506ba6705dbcc7a74a2a195 (GHSA, x_refsource_MISC, web)
- [5] huntr.dev/bounties/74918f40-dc11-4218-abef-064eb71a0703 (GHSA, x_refsource_CONFIRM, web)
News mentions
No linked articles in our index yet.