Vulnerabilities > CVE-2006-3601 - Security vulnerability in DotNetNuke

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
dotnetnuke
critical
nessus

Summary

** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable.

Vulnerable Configurations

Part Description Count
Application
Dotnetnuke
1

Nessus

NASL familyCGI abuses
NASL idBDPDT_CMD_EXEC.NASL
descriptionThe remote host contains BDPDT, a database abstraction layer used in various add-on modules for DotNetNuke. The installed version of the BDPDT contains an ASP.NET script that allows an unauthenticated attacker to gain control of the affected host by allowing uploading arbitrary files with the
last seen2020-06-01
modified2020-06-02
plugin id21747
published2006-06-23
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21747
titleBDPDT for DotNetNuke (.net nuke) uploadfilepopup.aspx File Upload Privilege Escalation