6.8
CVE-2008-6541
- EPSS 1.01%
- Veröffentlicht 30.03.2009 01:30:00
- Zuletzt bearbeitet 16.06.2026 23:02:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginUnrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dnnsoftware ≫ Dotnetnuke Version <= 4.8.1
Dnnsoftware ≫ Dotnetnuke Version1.0.6
Dnnsoftware ≫ Dotnetnuke Version1.0.7
Dnnsoftware ≫ Dotnetnuke Version1.0.8
Dnnsoftware ≫ Dotnetnuke Version1.0.9
Dnnsoftware ≫ Dotnetnuke Version1.0.10d
Dnnsoftware ≫ Dotnetnuke Version1.0.10e
Dnnsoftware ≫ Dotnetnuke Version2.1.1
Dnnsoftware ≫ Dotnetnuke Version2.1.2
Dnnsoftware ≫ Dotnetnuke Version3.0.7
Dnnsoftware ≫ Dotnetnuke Version3.0.8
Dnnsoftware ≫ Dotnetnuke Version3.0.11
Dnnsoftware ≫ Dotnetnuke Version3.1.0
Dnnsoftware ≫ Dotnetnuke Version3.3.5
Dnnsoftware ≫ Dotnetnuke Version4.0
Dnnsoftware ≫ Dotnetnuke Version4.3.5
Dnnsoftware ≫ Dotnetnuke Version4.5.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.01% | 0.584 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/29488
http://osvdb.org/43719
http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno11/tabid/1147/Default.aspx
http://www.securityfocus.com/bid/28438