CVE-2018-9126 — Vulnetix

CVE-2018-9126 PUBLISHED CVSS 9.800000190734863 CRITICAL

The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI.

EPSS 83.32% · 99.3th percentile

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

83.32%

99.3th percentile

Affected Products

Vendor	Product	Versions
zldnn	dnnarticle	11
n/a	n/a	*

Timeline

Apr 2, 2018 PoC Published
Apr 4, 2018 CVE Published
Apr 14, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Aug 4, 2022 EPSS Score
Aug 5, 2024 CVE Updated
Dec 17, 2024 EPSS Score
Mar 17, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
May 1, 2025 EPSS Score
Jun 1, 2025 EPSS Score

References

http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html url
44414 exploit
https://nvd.nist.gov/vuln/detail/CVE-2018-9126 advisory
https://www.exploit-db.com/exploits/44414 url

Open in Interactive Console →