Vulnerabilities > Dotnetnuke > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-06 | CVE-2015-2794 | Permissions, Privileges, and Access Controls vulnerability in Dotnetnuke The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. | 7.5 |
| 2009-08-27 | CVE-2008-7102 | Improper Input Validation vulnerability in Dotnetnuke DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation. | 7.5 |
| 2004-12-31 | CVE-2004-2324 | Multiple vulnerability in DotNetNuke SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. | 7.5 |