PT-2009-6288 · Dnn · Dotnetnuke

Published

2009-11-28

Updated

2009-11-30

CVE-2009-4109

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions DotNetNuke versions 4.0 through 5.1.4

Description The issue allows remote attackers to access version information and possibly other sensitive information due to the install wizard not preventing anonymous users from accessing certain functionality.

Recommendations For versions 4.0 through 5.1.4, consider restricting access to the install wizard to prevent anonymous users from accessing sensitive information until a fix is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2009-4109

Affected Products

Dotnetnuke

PT-2009-6288 · Dnn · Dotnetnuke

CVE-2009-4109

Weakness Enumeration

Related Identifiers

Affected Products

References · 6