CVE-2008-7100

Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
dnnsoftwaredotnetnuke
4.4.1
dnnsoftwaredotnetnuke
4.5.2
dnnsoftwaredotnetnuke
4.5.4
dnnsoftwaredotnetnuke
4.5.5
dnnsoftwaredotnetnuke
4.6.0
dnnsoftwaredotnetnuke
4.6.1
dnnsoftwaredotnetnuke
4.6.2
dnnsoftwaredotnetnuke
4.7.0
dnnsoftwaredotnetnuke
4.8.0
dnnsoftwaredotnetnuke
4.8.1
dnnsoftwaredotnetnuke
4.8.2
dnnsoftwaredotnetnuke
4.8.3
dnnsoftwaredotnetnuke
4.8.4
𝑥
= Vulnerable software versions
References
http://osvdb.org/48343
http://secunia.com/advisories/31893
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx
http://www.securityfocus.com/bid/31145
https://exchange.xforce.ibmcloud.com/vulnerabilities/45081
http://osvdb.org/48343
http://secunia.com/advisories/31893
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspx
http://www.securityfocus.com/bid/31145
https://exchange.xforce.ibmcloud.com/vulnerabilities/45081