Skip to main content

Dotnetnuke CVE-2022-2922

MEDIUM
Relative Path Traversal (CWE-23)
2022-09-30 security@huntr.dev
4.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.9 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 30, 2022 - 07:15 nvd
MEDIUM 4.9

DescriptionNVD

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.

AnalysisAI

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-23. Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. Affected products include: Dnnsoftware Dotnetnuke. Version information: prior to 9.11.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-52488 HIGH POC
8.6 Jun 21

DNN (DotNetNuke) CMS versions 6.0.0 through 10.0.0 contain a vulnerability that can expose NTLM hashes to a third-party

CVE-2020-5187 HIGH POC
8.8 Feb 24

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). Rated high severity (CVSS 8.8), this vulne

CVE-2020-5188 MEDIUM POC
6.5 Feb 24

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. Rated medium severity (CVSS 6.5), this vulnerability i

CVE-2020-37103 MEDIUM POC
6.4 Feb 03

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML

CVE-2019-12562 MEDIUM POC
6.1 Sep 26

Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the mali

CVE-2020-5186 MEDIUM POC
5.4 Feb 24

DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability

CVE-2026-24838 CRITICAL
9.1 Jan 28

DNN (DotNetNuke) CMS has a stored XSS vulnerability (CVSS 9.1) allowing persistent script injection that executes for al

CVE-2020-11585 MEDIUM POC
4.3 Apr 06

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Us

CVE-2026-24833 HIGH
7.6 Jan 28

DotNetNuke versions prior to 9.13.10 and 10.2.0 allow arbitrary script execution in the Persona Bar administrative inter

CVE-2026-24837 HIGH
7.6 Jan 28

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows high-privileged users

CVE-2026-24836 HIGH
7.6 Jan 28

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows authenticated administ

CVE-2025-52487 HIGH
7.5 Jun 21

CVE-2025-52487 is an authentication bypass vulnerability in DNN (DotNetNuke) versions 7.0.0 through 10.0.0 that allows a

Share

CVE-2022-2922 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy