CVE-2009-4109

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
29/11/2009
Last modified:
09/04/2025

Description

The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.4:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.5:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.0:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.1:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.2:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.3:*:*:*:*:*:*:*
cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.4:*:*:*:*:*:*:*