CVE-2009-4109
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
29/11/2009
Last modified:
09/04/2025
Description
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.3.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.5.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.6.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dotnetnuke:dotnetnuke:4.8.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/60520
- http://secunia.com/advisories/37480
- http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
- http://www.securityfocus.com/bid/37139
- http://osvdb.org/60520
- http://secunia.com/advisories/37480
- http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
- http://www.securityfocus.com/bid/37139