Summary
The host is installed with DotNetNuke and is prone to Authentication Bypass vulnerability.
Impact
Successful exploitation could allows remote attackers to bypass security restrictions via unknown vectors related to a 'unique id' and impersonate other users and possibly gain elevated pivileges.
Impact Level: Application
Solution
Upgrade to DotNetNuke version 4.9.0 or latest
For updates refer to http://www.dotnetnuke.com/
Insight
The vulnerability is caused due improper validation of a user identity.
Affected
DotNetNuke versions 4.4.1 to 4.8.4.
References
Severity
Classification
-
CVE CVE-2008-7100 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities