Vulnerability Description
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dnnsoftware | Dotnetnuke | <= 4.8.1 |
References
- http://osvdb.org/43721
- http://secunia.com/advisories/29488Vendor Advisory
- http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149Vendor Advisory
- http://www.securityfocus.com/bid/28438
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49767
- http://osvdb.org/43721
- http://secunia.com/advisories/29488Vendor Advisory
- http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149Vendor Advisory
- http://www.securityfocus.com/bid/28438
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49767
FAQ
What is CVE-2008-6542?
CVE-2008-6542 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file t...
How severe is CVE-2008-6542?
CVE-2008-6542 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6542?
Check the references section above for vendor advisories and patch information. Affected products include: Dnnsoftware Dotnetnuke.