### [CVE-2015-2794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2794)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.

### POC

#### Reference
- http://www.dnnsoftware.com/community/security/security-center
- https://www.exploit-db.com/exploits/39777/

#### Github
- https://github.com/0xr2r/-DotNetNuke-Administration-Authentication-Bypass
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Kro0oz/-DotNetNuke-Administration-Authentication-Bypass
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/hantwister/sites-compromised-20170625-foi
- https://github.com/styx00/DNN_CVE-2015-2794
- https://github.com/wilsc0w/CVE-2015-2794-finder
- https://github.com/x0xr2r/-DotNetNuke-Administration-Authentication-Bypass