Description
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37480
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37139
Vendor Advisory x_refsource_confirm
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/60520
Scores
EPSS
0.0123
EPSS Percentile
65.3%
Details
CWE
CWE-200
Status
published
Products (48)
dnnsoftware/dotnetnuke
4.0
dnnsoftware/dotnetnuke
4.3.5
dnnsoftware/dotnetnuke
4.4.1
dnnsoftware/dotnetnuke
4.5.2
dnnsoftware/dotnetnuke
4.5.4
dnnsoftware/dotnetnuke
4.5.5
dnnsoftware/dotnetnuke
4.6.0
dnnsoftware/dotnetnuke
4.6.1
dnnsoftware/dotnetnuke
4.6.2
dnnsoftware/dotnetnuke
4.7.0
... and 38 more
Published
Nov 29, 2009
Tracked Since
Feb 18, 2026