CVE-2022-47053 (Medium) detected in DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll

[mend-bolt-for-github]

CVE-2022-47053 - Medium Severity Vulnerability

Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll

DotNetNuke.Modules.DigitalAssets

Library home page: https://api.nuget.org/packages/dotnetnuke.bundle.9.8.0.nupkg

Path to vulnerable library: /References/DNN/09.07.00/DotNetNuke.Modules.DigitalAssets.dll

Dependency Hierarchy:

• ❌ DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll (Vulnerable Library)

Found in HEAD commit: d6abd56cf0fd6b2d3d2037d2844bf7d7d130c52c

Found in base branch: development

Vulnerability Details

An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.

Publish Date: 2023-04-12

URL: CVE-2022-47053

CVSS 3 Score Details (5.4)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager

Release Date: 2023-04-12

Fix Resolution: DotNetNuke.Bundle - 9.11.0

---

Step up your Open Source Security Game with Mend here