CVE-2018-15811

DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.

Basic Information

CVE State: PUBLISHED
Reserved Date: August 23, 2018
Published Date: July 03, 2019
Last Updated: October 21, 2025
Vendor: DNN
Product: DotNetNuke
Description: DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source

References

https://github.com/dnnsoftware/Dnn.Platform/releases https://www.dnnsoftware.com/community/security/security-center http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC
CISA	2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-15811.yaml	2026-06-01 15:34:26 UTC
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb	2025-04-28 15:02:51 UTC

Timeline

CVE ID Reserved

August 23, 2018
CVE Published to Public

July 03, 2019
Added to KEVIntel

November 03, 2021
Added to KEVIntel

November 03, 2021
Detected by Metasploit

April 28, 2025
Detected by Nuclei

June 01, 2026