Vulnerabilities > CVE-2004-2323 - Unspecified vulnerability in Dotnetnuke
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html
- http://secunia.com/advisories/10747
- http://secunia.com/advisories/10747
- http://www.osvdb.org/3749
- http://www.osvdb.org/3749
- http://www.securityfocus.com/bid/9518
- http://www.securityfocus.com/bid/9518
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14972
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14972