Moderate severityNVD Advisory· Published Mar 30, 2009· Updated Jun 16, 2026
CVE-2008-6540
CVE-2008-6540
Description
DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
DotNetNuke.CoreNuGet | < 4.8.2 | 4.8.2 |
Affected products
18cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*range: <=4.8.1
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.10d:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.10e:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:dnnsoftware:dotnetnuke:4.5.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- www.securityfocus.com/bid/28391nvdExploitWEB
- secunia.com/advisories/29488nvdVendor AdvisoryWEB
- www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno12/tabid/1148/Default.aspxnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-grw3-hjjm-5cjmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2008-6540ghsaADVISORY
- osvdb.org/43720nvdWEB
- www.securityfocus.com/archive/1/489957/100/0/threadednvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/41399nvdWEB
News mentions
0No linked articles in our index yet.