CVE-2008-6399
published 2009-03-05CVE-2008-6399: Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.
PriorityP430medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EPSS
1.95%
77.8th percentile
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
DotNetNuke up to 4.9 User Account access control (ID 12319 / SBV-24613)
vuldb·2026-04-29·CVSS 6.4
CVE-2008-6399 [MEDIUM] DotNetNuke up to 4.9 User Account access control (ID 12319 / SBV-24613)
A vulnerability, which was classified as critical, has been found in DotNetNuke up to 4.9. This issue affects some unknown processing of the component User Account. The manipulation leads to improper access controls.
This vulnerability is referenced as CVE-2008-6399. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-7c6g-vw83-7695: Unspecified vulnerability in DotNetNuke 4
ghsa_unreviewed·2022-05-17
CVE-2008-6399 [MEDIUM] GHSA-7c6g-vw83-7695: Unspecified vulnerability in DotNetNuke 4
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/51141http://secunia.com/advisories/33401http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno24/tabid/1188/Default.aspxhttp://www.securityfocus.com/bid/33109http://osvdb.org/51141http://secunia.com/advisories/33401http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno24/tabid/1188/Default.aspxhttp://www.securityfocus.com/bid/33109
2009-03-05
Published