VYPR
Unrated severityNVD Advisory· Published Mar 30, 2009· Updated Jun 16, 2026

CVE-2008-6542

CVE-2008-6542

Description

Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.

Affected products

17
  • cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*range: <=4.8.1
    • cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.10d:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.10e:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:dnnsoftware:dotnetnuke:4.5.2:*:*:*:*:*:*:*
    • (no CPE)range: <4.8.2
  • Range: <4.8.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.