CVE-2019-19392

The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data.

Link	Resource
https://github.com/fordnn/usersexportimport/commits/master	Third Party Advisory
https://blog.joaoorvalho.com/description-cve-2019-19392/	Exploit Third Party Advisory

Configuration 1

cpe:2.3:a:fordnn:usersexportimport:*:*:*:*:*:dotnetnuke:*:*

---

Published : 2020-01-21 05:15

Updated : 2020-02-05 05:48

---

NVD link : CVE-2019-19392

Mitre link : CVE-2019-19392

No products.

CWE-276

Incorrect Default Permissions