CVE-2009-4109

EUVD-2009-4080
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
dotnetnukedotnetnuke
4.0
dotnetnukedotnetnuke
4.3.5
dotnetnukedotnetnuke
4.4.1
dotnetnukedotnetnuke
4.5.2
dotnetnukedotnetnuke
4.5.4
dotnetnukedotnetnuke
4.5.5
dotnetnukedotnetnuke
4.6.0
dotnetnukedotnetnuke
4.6.1
dotnetnukedotnetnuke
4.6.2
dotnetnukedotnetnuke
4.7.0
dotnetnukedotnetnuke
4.8.0
dotnetnukedotnetnuke
4.8.1
dotnetnukedotnetnuke
4.8.2
dotnetnukedotnetnuke
4.8.3
dotnetnukedotnetnuke
4.8.4
dotnetnukedotnetnuke
4.9
dotnetnukedotnetnuke
4.9.1
dotnetnukedotnetnuke
4.9.2
dotnetnukedotnetnuke
5.0
dotnetnukedotnetnuke
5.1
dotnetnukedotnetnuke
5.1.1
dotnetnukedotnetnuke
5.1.2
dotnetnukedotnetnuke
5.1.3
dotnetnukedotnetnuke
5.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/60520
http://secunia.com/advisories/37480
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
http://www.securityfocus.com/bid/37139
http://osvdb.org/60520
http://secunia.com/advisories/37480
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
http://www.securityfocus.com/bid/37139