Vulnerabilities > CVE-2008-6542 - Remote vulnerability in DotNetNuke Prior to 4.8.2

CVSS 4.6 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

dotnetnuke

NVD

Published: 2009-03-30

Updated: 2017-08-17

Summary

Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files. Per vendor advisory: http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx Mitigating factors * The host user must have added the HTM or HTML file type to the default File Upload Extensions * The user must have access to the file manager. * By default this issue only affects Admin users.

Vulnerable Configurations

Part	Description	Count
Application	Dotnetnuke Dotnetnuke Dotnetnuke 1.0.6 Dotnetnuke Dotnetnuke 1.0.7 Dotnetnuke Dotnetnuke 1.0.8 Dotnetnuke Dotnetnuke 1.0.9 Dotnetnuke Dotnetnuke 1.0.10D Dotnetnuke Dotnetnuke 1.0.10E Dotnetnuke Dotnetnuke 2.1.1 Dotnetnuke Dotnetnuke 2.1.2 Dotnetnuke Dotnetnuke 3.0.7 Dotnetnuke Dotnetnuke 3.0.8 Dotnetnuke Dotnetnuke 3.0.11 Dotnetnuke Dotnetnuke 3.1.0 Dotnetnuke Dotnetnuke 4.0 Dotnetnuke Dotnetnuke 4.5.2 Dotnetnuke Dotnetnuke 3.3.5 Dotnetnuke Dotnetnuke 4.3.5 Dotnetnuke Dotnetnuke 4.4.1 Dotnetnuke Dotnetnuke 4.5.4 Dotnetnuke Dotnetnuke 4.5.5 Dotnetnuke Dotnetnuke 4.6.0 Dotnetnuke Dotnetnuke 4.6.1 Dotnetnuke Dotnetnuke 4.6.2 Dotnetnuke Dotnetnuke 4.7.0 Dotnetnuke Dotnetnuke 4.8.0 Dotnetnuke Dotnetnuke 4.8.1	25

Summary

Vulnerable Configurations

References