Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform server-side execution of application logic by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dotnetnuke | Dotnetnuke | * | 4.8.1 (including) |
| Dotnetnuke | Dotnetnuke | 1.0.6 (including) | 1.0.6 (including) |
| Dotnetnuke | Dotnetnuke | 1.0.7 (including) | 1.0.7 (including) |
| Dotnetnuke | Dotnetnuke | 1.0.8 (including) | 1.0.8 (including) |
| Dotnetnuke | Dotnetnuke | 1.0.9 (including) | 1.0.9 (including) |
| Dotnetnuke | Dotnetnuke | 1.0.10d (including) | 1.0.10d (including) |
| Dotnetnuke | Dotnetnuke | 1.0.10e (including) | 1.0.10e (including) |
| Dotnetnuke | Dotnetnuke | 2.1.1 (including) | 2.1.1 (including) |
| Dotnetnuke | Dotnetnuke | 2.1.2 (including) | 2.1.2 (including) |
| Dotnetnuke | Dotnetnuke | 3.0.7 (including) | 3.0.7 (including) |
| Dotnetnuke | Dotnetnuke | 3.0.8 (including) | 3.0.8 (including) |
| Dotnetnuke | Dotnetnuke | 3.0.11 (including) | 3.0.11 (including) |
| Dotnetnuke | Dotnetnuke | 3.1.0 (including) | 3.1.0 (including) |
| Dotnetnuke | Dotnetnuke | 4.0 (including) | 4.0 (including) |
| Dotnetnuke | Dotnetnuke | 4.5.2 (including) | 4.5.2 (including) |
References
- http://osvdb.org/43721
- http://secunia.com/advisories/29488
- http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx
- http://www.securityfocus.com/bid/28438
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49767
- http://osvdb.org/43721
- http://secunia.com/advisories/29488
- http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx
- http://www.securityfocus.com/bid/28438
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49767