CVE-2009-4109

DotNetNuke <5.1.4 - Info Disclosure

Title source: llm
STIX 2.1

Description

The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37480
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37139
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/60520

Scores

EPSS 0.0123
EPSS Percentile 65.3%

Details

CWE
CWE-200
Status published
Products (48)
dnnsoftware/dotnetnuke 4.0
dnnsoftware/dotnetnuke 4.3.5
dnnsoftware/dotnetnuke 4.4.1
dnnsoftware/dotnetnuke 4.5.2
dnnsoftware/dotnetnuke 4.5.4
dnnsoftware/dotnetnuke 4.5.5
dnnsoftware/dotnetnuke 4.6.0
dnnsoftware/dotnetnuke 4.6.1
dnnsoftware/dotnetnuke 4.6.2
dnnsoftware/dotnetnuke 4.7.0
... and 38 more
Published Nov 29, 2009
Tracked Since Feb 18, 2026