CVE-2025-32035

LOW Year: 2025
CVSS v3 Score
2.6
Low
Weakness Type
CWE-351
View all →

Vulnerability Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but the actual contents of the file aren't checked. This means that it's possible to e.g. upload an executable file renamed to be a .jpg. This file could then be executed by another security vulnerability. This vulnerability is fixed in 9.13.2.

Related Vulnerabilities

CVE-2024-45676

MEDIUM
CVSS:4.3(Medium)

IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction.

CWE-3512024

CVE-2025-30510

CRITICAL
CVSS:9.8(Critical)

An attacker can upload an arbitrary file instead of a plant image.

CWE-3512025

CVE-2023-2866

HIGH
CVSS:7.8(High)

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the S...

CWE-3512023

CVE-2020-10134

MEDIUM
CVSS:6.3(Medium)

Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different...

CWE-3512020

CVE-2024-4769

MEDIUM
CVSS:5.9(Medium)

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn in...

CWE-3512024

CVE-2025-47939

MEDIUM
CVSS:5.4(Medium)

TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the...

CWE-3512025