Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7102

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-7102
Last Modified 28 Aug 2009 12:00:00
Published 27 Aug 2009 04:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7102

Summary

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.

Vulnerable Systems

Application

  • Dotnetnuke 2.1.1

  • Dotnetnuke 2.1.2

  • Dotnetnuke 3.0.11

  • Dotnetnuke 3.0.7

  • Dotnetnuke 3.0.8

  • Dotnetnuke 3.1.0

  • Dotnetnuke 3.3.5

  • Dotnetnuke 4.0

  • Dotnetnuke 4.3.5

  • Dotnetnuke 4.4.1

  • Dotnetnuke 4.5.2

  • Dotnetnuke 4.5.4

  • Dotnetnuke 4.5.5

  • Dotnetnuke 4.6.0

  • Dotnetnuke 4.6.1

  • Dotnetnuke 4.6.2

  • Dotnetnuke 4.7.0

  • Dotnetnuke 4.8.0

  • Dotnetnuke 4.8.1

  • Dotnetnuke 4.8.2

  • Dotnetnuke 4.8.3

  • Dotnetnuke 4.8.4


References

CONFIRM - http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx

XF - dotnetnuke-skinfiles-security-bypass(45077)

BID - 31145

SECUNIA - 31893

OSVDB - 48345


Last Updated: 27 May 2016 10:49:28