CVE-2008-6540
published 2009-03-30


Priority: P3, 34, medium
CVSS 2.0: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 2.50% (82.7th percentile)

DotNetNuke before 4.8.2, during installation or upgrade, does not warn the administrator when the default (1) ValidationKey and (2) DecryptionKey values cannot be modified in the web.config file, which allows remote attackers to bypass intended access restrictions by using the default keys.

Affected

17 ranges
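| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| dnnsoftware | dotnetnuke | <= 4.8.1 | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |
| dnnsoftware | dotnetnuke | | |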