CVE-2021-40186 MEDIUM

CVE-2021-40186: DNN CMS Server-Side Request Forgery (SSRF)

Vendor Dnnsoftware
Product DNN Platform
Weakness CWE-918 · SSRF
Published May 31, 2022
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services.

Key dates

02Disclosure timeline

May 31, 2022 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-47548 WordPress Wbcom Designs - Activity Link Preview For BuddyPress plugin <= 1.4.4 - Server Side Request Forgery (SSRF) Vulnerability CVE-2026-30242 Plane: SSRF via Incomplete IP Validation in Webhook URL Serializer CVE-2022-41609 WordPress Better Messages plugin <= 1.9.10.68 - Server-Side Request Forgery (SSRF) vulnerability CVE-2026-7325 CVE-2025-31076 WordPress WP Compress for MainWP plugin <= 6.30.03 - Server Side Request Forgery (SSRF) vulnerability