CVE-2008-6542

Опубликовано: 30 мар. 2009

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.

Комментарий

Per vendor advisory: http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx

Mitigating factors

* The host user must have added the HTM or HTML file type to the default File Upload Extensions * The user must have access to the file manager. * By default this issue only affects Admin users.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dotnetnuke:dotnetnuke:*:*:*:*:*:*:*:*

Версия до 4.8.1 (включая)

cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10e:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:*

cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01387

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-5mw6-9457-8h48

github

больше 3 лет назад