-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
Miggo AIRoot Cause AnalysisThe vulnerability stems from insufficient server-side validation of file extensions for non-superusers. While superuser uploads had server-side checks, regular user uploads only had client-side validation which could be bypassed. The FileManager.SaveFile method in DNN's core file handling service is the logical entry point for upload operations, and its failure to enforce extension validation for non-privileged users aligns with the described vulnerability mechanism. The CWE-434 classification and exploit documentation confirm this pattern of insecure file handling.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| DotNetNuke.Core | nuget | <= 9.4.4 |