CVE-2008-7102
DotNetNuke 2.0-4.8.4 - Unauthenticated Arbitrary File Load via Skin File Parameter Validation
Title source: llmDescription
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45077
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/48345
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31893
Patch, Vendor Advisory x_refsource_confirm
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31145
Scores
EPSS
0.0141
EPSS Percentile
69.6%
Details
CWE
CWE-20
Status
published
Products (44)
dnnsoftware/dotnetnuke
2.1.1
dnnsoftware/dotnetnuke
2.1.2
dnnsoftware/dotnetnuke
3.0.7
dnnsoftware/dotnetnuke
3.0.8
dnnsoftware/dotnetnuke
3.0.11
dnnsoftware/dotnetnuke
3.1.0
dnnsoftware/dotnetnuke
3.3.5
dnnsoftware/dotnetnuke
4.0
dnnsoftware/dotnetnuke
4.3.5
dnnsoftware/dotnetnuke
4.4.1
... and 34 more
Published
Aug 27, 2009
Tracked Since
Feb 18, 2026