CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
dnnsoftwaredotnetnuke
2.1.1
dnnsoftwaredotnetnuke
2.1.2
dnnsoftwaredotnetnuke
3.0.7
dnnsoftwaredotnetnuke
3.0.8
dnnsoftwaredotnetnuke
3.0.11
dnnsoftwaredotnetnuke
3.1.0
dnnsoftwaredotnetnuke
3.3.5
dnnsoftwaredotnetnuke
4.0
dnnsoftwaredotnetnuke
4.3.5
dnnsoftwaredotnetnuke
4.4.1
dnnsoftwaredotnetnuke
4.5.2
dnnsoftwaredotnetnuke
4.5.4
dnnsoftwaredotnetnuke
4.5.5
dnnsoftwaredotnetnuke
4.6.0
dnnsoftwaredotnetnuke
4.6.1
dnnsoftwaredotnetnuke
4.6.2
dnnsoftwaredotnetnuke
4.7.0
dnnsoftwaredotnetnuke
4.8.0
dnnsoftwaredotnetnuke
4.8.1
dnnsoftwaredotnetnuke
4.8.2
dnnsoftwaredotnetnuke
4.8.3
dnnsoftwaredotnetnuke
4.8.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/48345
http://secunia.com/advisories/31893
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx
http://www.securityfocus.com/bid/31145
https://exchange.xforce.ibmcloud.com/vulnerabilities/45077
http://osvdb.org/48345
http://secunia.com/advisories/31893
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx
http://www.securityfocus.com/bid/31145
https://exchange.xforce.ibmcloud.com/vulnerabilities/45077