Disclosed on October 29, 2025 (updated October 30, 2025)
This vulnerability affects a package that is primarily operated as a standalone application, service, CLI tool, or workflow system rather than integrated as a library or dependency within application runtime logic. While exploitation may have severe impact in deployments where that standalone package is exposed or attacker-accessible, it does not create a broadly applicable compromise path for consuming applications.
PGV-258003U is a category 4 vulnerability that affects DNN.PLATFORM, versions < 10.1.1.
The risk assessment shows that this vulnerability is exploited by an external attacker: an unauthorized external actor who attempts to exploit this vulnerability without legitimate access.
The impact is an environmental compromise. Exploitation can escape the application boundary and impact the host environment, infrastructure, or other services.
The threat damage is caused by a denial of service. Exploitation can completely deny access to the application, resulting in a full outage. The threat damage is caused by a data breach. Exploitation can result in full access to data within the system. The threat damage is caused by data tampering. Exploitation can result in modification of any data (authorized or not) within the system.
The default HTML editor provider allows unauthenticated file uploads, and uploaded images can overwrite existing files.
An unauthenticated user can upload and replace existing files, allowing defacement of a website and, combined with other issues, injection of XSS payloads.
| Network Exposure | External: Accessible from the public internet |
| Access Interface | WebBrowser: Primarily web-based applications |
| Service Outage | Disruptive: Operations would be impacted |
| Data Breach | Disruptive: Operations would be impacted |
| Data Tampering | Disruptive: Operations would be impacted |