CVE-2008-6542
published 2009-03-30CVE-2008-6542: Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of…
PriorityP420medium4.6CVSS 2.0
AVNACHAuSCPIPAP
EPSS
1.61%
72.9th percentile
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dotnetnuke | <= 4.8.1 | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
DotNetNuke up to 4.8.1 privilege escalation (XFDB-49767 / BID-28438)
vuldb·2026-04-29·CVSS 4.6
CVE-2008-6542 [MEDIUM] DotNetNuke up to 4.8.1 privilege escalation (XFDB-49767 / BID-28438)
A vulnerability, which was classified as problematic, was found in DotNetNuke up to 4.8.1. This issue affects some unknown processing. Executing a manipulation can lead to privilege escalation.
This vulnerability is tracked as CVE-2008-6542. The attack can be launched remotely. No exploit exists.
You should upgrade the affected component.
GHSA
GHSA-5mw6-9457-8h48: Unspecified vulnerability in the Skin Manager in DotNetNuke before 4
ghsa_unreviewed·2022-05-17
CVE-2008-6542 [MEDIUM] GHSA-5mw6-9457-8h48: Unspecified vulnerability in the Skin Manager in DotNetNuke before 4
Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/43721http://secunia.com/advisories/29488http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspxhttp://www.securityfocus.com/bid/28438https://exchange.xforce.ibmcloud.com/vulnerabilities/49767http://osvdb.org/43721http://secunia.com/advisories/29488http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspxhttp://www.securityfocus.com/bid/28438https://exchange.xforce.ibmcloud.com/vulnerabilities/49767
2009-03-30
Published