PT-2004-3218 · Dnn · Dotnetnuke
Published
2004-12-31
·
Updated
2017-07-11
·
CVE-2004-2324
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
DotNetNuke versions 1.0.6 through 1.0.10d
Description:
The issue allows remote attackers to modify the backend database. This is achieved via the
table and field parameters in the "LinkClick.aspx" endpoint.Recommendations:
For versions 1.0.6 through 1.0.10d, consider restricting access to the "LinkClick.aspx" endpoint to minimize the risk of exploitation. Avoid using the
table and field parameters in this endpoint until the issue is resolved.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dotnetnuke