CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
83.4%
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
Vendor | Product | Version | CPE |
---|---|---|---|
dotnetnuke | dotnetnuke | 2.1.1 | cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.1:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 2.1.2 | cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.2:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 3.0.7 | cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.7:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 3.0.8 | cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.8:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 3.0.11 | cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.11:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 3.1.0 | cpe:2.3:a:dotnetnuke:dotnetnuke:3.1.0:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 3.3.5 | cpe:2.3:a:dotnetnuke:dotnetnuke:3.3.5:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 4.0 | cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 4.3.5 | cpe:2.3:a:dotnetnuke:dotnetnuke:4.3.5:*:*:*:*:*:*:* |
dotnetnuke | dotnetnuke | 4.4.1 | cpe:2.3:a:dotnetnuke:dotnetnuke:4.4.1:*:*:*:*:*:*:* |