CVE-2008-7100
published 2009-08-27CVE-2008-7100: Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors…
PriorityP432medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
1.22%
64.8th percentile
Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
DotNetNuke up to 4.8.4 privilege escalation (XFDB-45081 / BID-31145)
vuldb·2026-04-29·CVSS 6.5
CVE-2008-7100 [MEDIUM] DotNetNuke up to 4.8.4 privilege escalation (XFDB-45081 / BID-31145)
A vulnerability was found in DotNetNuke up to 4.8.4. It has been declared as critical. Impacted is an unknown function. The manipulation results in privilege escalation.
This vulnerability is reported as CVE-2008-7100. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-gv8m-8797-qpcj: Unspecified vulnerability in DotNetNuke 4
ghsa_unreviewed·2022-05-17
CVE-2008-7100 [MEDIUM] GHSA-gv8m-8797-qpcj: Unspecified vulnerability in DotNetNuke 4
Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to bypass authentication and gain privileges via unknown vectors related to a "unique id" for user actions and improper validation of a "user identity."
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/48343http://secunia.com/advisories/31893http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspxhttp://www.securityfocus.com/bid/31145https://exchange.xforce.ibmcloud.com/vulnerabilities/45081http://osvdb.org/48343http://secunia.com/advisories/31893http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno21/tabid/1174/Default.aspxhttp://www.securityfocus.com/bid/31145https://exchange.xforce.ibmcloud.com/vulnerabilities/45081
2009-08-27
Published