Web application abuses : DotNetNuke Skin Files Security Bypass Vulnerability

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.800685

Kategorie: Web application abuses

Titel: DotNetNuke Skin Files Security Bypass Vulnerability

Zusammenfassung: The host is installed with DotNetNuke and is prone to security; bypass vulnerability.

Beschreibung: Summary:
The host is installed with DotNetNuke and is prone to security
bypass vulnerability.

Vulnerability Insight:
The vulnerability is caused due improper validation of user data passed
via unspecified parameters before being used to load skin files.

Vulnerability Impact:
Successful exploitation could allows remote attackers to gain administrative
privileges or compromise the affected system.

Affected Software/OS:
DotNetNuke versions 2.0 to 4.8.4.

Solution:
Upgrade to DotNetNuke version 4.9.0 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 31145
Common Vulnerability Exposure (CVE) ID: CVE-2008-7102
http://www.securityfocus.com/bid/31145
http://osvdb.org/48345
http://secunia.com/advisories/31893
XForce ISS Database: dotnetnuke-skinfiles-security-bypass(45077)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45077

Copyright Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.800685
Kategorie:	Web application abuses
Titel:	DotNetNuke Skin Files Security Bypass Vulnerability
Zusammenfassung:	The host is installed with DotNetNuke and is prone to security; bypass vulnerability.
Beschreibung:	Summary: The host is installed with DotNetNuke and is prone to security bypass vulnerability. Vulnerability Insight: The vulnerability is caused due improper validation of user data passed via unspecified parameters before being used to load skin files. Vulnerability Impact: Successful exploitation could allows remote attackers to gain administrative privileges or compromise the affected system. Affected Software/OS: DotNetNuke versions 2.0 to 4.8.4. Solution: Upgrade to DotNetNuke version 4.9.0 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 31145 Common Vulnerability Exposure (CVE) ID: CVE-2008-7102 http://www.securityfocus.com/bid/31145 http://osvdb.org/48345 http://secunia.com/advisories/31893 XForce ISS Database: dotnetnuke-skinfiles-security-bypass(45077) https://exchange.xforce.ibmcloud.com/vulnerabilities/45077
Copyright	Copyright (C) 2009 Greenbone Networks GmbH