{"id":"CVE-2018-15812","details":"DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.","aliases":["GHSA-pf46-gqg9-j3v3"],"modified":"2026-04-10T04:06:21.416905Z","published":"2019-07-03T17:15:10.190Z","references":[{"type":"ADVISORY","url":"https://github.com/dnnsoftware/Dnn.Platform/releases"},{"type":"ADVISORY","url":"https://www.dnnsoftware.com/community/security/security-center"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dnnsoftware/dnn.platform","events":[{"introduced":"230f949b98ef1f4d456dbd891f21b4f5ffdf6bb9"},{"last_affected":"cbb869e0a4ef1a08908ac73c6d55edf9c7db0b88"}],"database_specific":{"versions":[{"introduced":"9.2"},{"last_affected":"9.2.1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15812.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}