CVE-2008-6542 - OpenCVE

Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dotnetnuke	Dotnetnuke

Configuration 1 [-]

OR	cpe:2.3:a:dotnetnuke:dotnetnuke::::::::
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10e:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.1:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.2:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.7:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.8:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.11:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:3.1.0:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:::::::*
	cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:::::::*

No data.

References

Link	Providers
http://osvdb.org/43721
http://secunia.com/advisories/29488
http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx
http://www.securityfocus.com/bid/28438
https://exchange.xforce.ibmcloud.com/vulnerabilities/49767

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-03-30T01:00:00

Updated: 2024-08-07T11:34:46.925Z

Reserved: 2009-03-29T00:00:00

Link: CVE-2008-6542

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-03-30T01:30:00.377

Modified: 2017-08-17T01:29:22.817

Link: CVE-2008-6542

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-19T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform \"server-side execution of application logic\" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx"}, {"name": "dotnetnuke-skinmanager-unspecified(49767)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49767"}, {"name": "29488", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29488"}, {"name": "28438", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28438"}, {"name": "43721", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/43721"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6542", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform \"server-side execution of application logic\" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx", "refsource": "CONFIRM", "url": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx"}, {"name": "dotnetnuke-skinmanager-unspecified(49767)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49767"}, {"name": "29488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29488"}, {"name": "28438", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28438"}, {"name": "43721", "refsource": "OSVDB", "url": "http://osvdb.org/43721"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:34:46.925Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx"}, {"name": "dotnetnuke-skinmanager-unspecified(49767)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49767"}, {"name": "29488", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29488"}, {"name": "28438", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28438"}, {"name": "43721", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/43721"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6542", "datePublished": "2009-03-30T01:00:00", "dateReserved": "2009-03-29T00:00:00", "dateUpdated": "2024-08-07T11:34:46.925Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFFBB6F1-D566-4D0D-B8F2-F8817D3DB7CA", "versionEndIncluding": "4.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4300BB9D-1A72-4005-AA68-35DB57A551E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "797726FF-24E9-415A-AC8B-2AE3301F8824", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DC6BB8DE-9497-42D7-A29D-BCAC75337A96", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "54AB8E47-5484-4449-88BA-90F0CCED285A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10d:*:*:*:*:*:*:*", "matchCriteriaId": "B111556A-56AC-413C-A1B7-D973492BA8F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:1.0.10e:*:*:*:*:*:*:*", "matchCriteriaId": "FE94AE61-4CA4-48B5-BB08-D808CF750CFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7863328-514C-4885-B5DD-5E04503962E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "750F735B-1419-4FCF-84F0-05E13608B73D", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "BF8EC31D-9C28-46D7-83C6-9720AA0DBC1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "81D4BDCE-EF83-48E2-BDC7-F6F6CE5CE51F", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "E2A5E7E9-4530-4CA9-BD61-4A22D17A898F", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7DEB2BD-8543-4408-B96E-616AFEBEEB12", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "31D0AA24-9FA3-4AFD-920A-295898473918", "vulnerable": true}, {"criteria": "cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "68F28416-0ABF-4B2F-87A4-C4EC4D0CA227", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform \"server-side execution of application logic\" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files."}, {"lang": "es", "value": "Vulnerabilidad no espec\u00edfica en Skin Manager en DotNetNuke anteriores a v4.8.2 permite a administradores autentificados remotos ejecutar una aplicaci\u00f3n l\u00f3gica desde el lado del servidor, subiendo un fichero est\u00e1tico que es convertido a script din\u00e1mico a trav\u00e9s de vectores desconocidos, relativos a ficheros HTM y HTML."}], "evaluatorComment": "Per vendor advisory: http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx\r\n\r\n\r\nMitigating factors\r\n\r\n * The host user must have added the HTM or HTML file type to the default File Upload Extensions\r\n * The user must have access to the file manager.\r\n * By default this issue only affects Admin users.\r\n", "id": "CVE-2008-6542", "lastModified": "2017-08-17T01:29:22.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-03-30T01:30:00.377", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/43721"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29488"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28438"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49767"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}