PT-2004-3218 · Dnn · Dotnetnuke

Publicado

2004-12-31

Atualizado

2017-07-11

CVE-2004-2324

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: DotNetNuke versions 1.0.6 through 1.0.10d

Description: The issue allows remote attackers to modify the backend database. This is achieved via the table and field parameters in the "LinkClick.aspx" endpoint.

Recommendations: For versions 1.0.6 through 1.0.10d, consider restricting access to the "LinkClick.aspx" endpoint to minimize the risk of exploitation. Avoid using the table and field parameters in this endpoint until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-2324

Produtos afetados

Dotnetnuke

PT-2004-3218 · Dnn · Dotnetnuke

CVE-2004-2324

Identificadores relacionados

Produtos afetados

Referências · 7