What is CVE-2017-0929?

CVE-2017-0929 is a vulnerability in N/a. Published 2018-07-03.

Is CVE-2017-0929 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2017-0929

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources.

EPSS: 0.922 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
d4n-sec/d4n-sec.github.io

References

github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b… (x_refsource_MISC)

Frequently asked questions

What is CVE-2017-0929?: CVE-2017-0929 is a vulnerability in N/a. Published 2018-07-03.
Is CVE-2017-0929 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.