CVE-2008-7102

Sažetak

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.

Reference

http://osvdb.org/48345
http://secunia.com/advisories/31893
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx
http://www.securityfocus.com/bid/31145
https://exchange.xforce.ibmcloud.com/vulnerabilities/45077
http://osvdb.org/48345
http://secunia.com/advisories/31893
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx
http://www.securityfocus.com/bid/31145
https://exchange.xforce.ibmcloud.com/vulnerabilities/45077

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

24-04-2026 - 17:34

Objavljeno

27-08-2009 - 20:30