DotNetNuke Multiple Vulnerabilities
BID:9518
Info
DotNetNuke Multiple Vulnerabilities
| Bugtraq ID: | 9518 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 28 2004 12:00AM |
| Updated: | Jan 28 2004 12:00AM |
| Credit: | The disclosure of these issues has been credited to Ferruh Mavituna <[email protected]>. |
| Vulnerable: |
DotNetNuke DotNetNuke 1.0.10 d DotNetNuke DotNetNuke 1.0.9 DotNetNuke DotNetNuke 1.0.8 DotNetNuke DotNetNuke 1.0.7 DotNetNuke DotNetNuke 1.0.6 |
| Not Vulnerable: |
DotNetNuke DotNetNuke 1.0.10 e |
Discussion
DotNetNuke Multiple Vulnerabilities
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to access sensitive files and source code, carry out SQL injection and cross-site scripting attacks.
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to access sensitive files and source code, carry out SQL injection and cross-site scripting attacks.
Exploit / POC
DotNetNuke Multiple Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
DotNetNuke Multiple Vulnerabilities
Solution:
The vendor has released fixes to address this issue. Users are advised to download either DotNetNuke 1.0.10e - FULL (for those who are installing DotNetNuke for the first time or are running a version prior to 1.0.10d) or DotNetNuke 1.0.10e - PATCH (or those who are already running DotNetNuke 1.0.10d) from the vendor site.
Solution:
The vendor has released fixes to address this issue. Users are advised to download either DotNetNuke 1.0.10e - FULL (for those who are installing DotNetNuke for the first time or are running a version prior to 1.0.10d) or DotNetNuke 1.0.10e - PATCH (or those who are already running DotNetNuke 1.0.10d) from the vendor site.
References
DotNetNuke Multiple Vulnerabilities
References:
References:
- DotNetNuke Homepage (DotNetNuke)
- DotNetNuke Security Alert *IMPORTANT* (DotNetNuke)