CVE-2008-7102
published 2009-08-27CVE-2008-7102: DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown…
PriorityP336high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.41%
69.4th percentile
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
DotNetNuke up to 4.8.4 input validation (XFDB-45077 / BID-31145)
vuldb·2026-04-29·CVSS 7.5
CVE-2008-7102 [HIGH] DotNetNuke up to 4.8.4 input validation (XFDB-45077 / BID-31145)
A vulnerability categorized as critical has been discovered in DotNetNuke. The impacted element is an unknown function. Such manipulation of the argument to leads to improper input validation.
This vulnerability is traded as CVE-2008-7102. The attack may be launched remotely. There is no exploit available.
GHSA
GHSA-mqhv-8fhf-vpwr: DotNetNuke 2
ghsa_unreviewed·2022-05-17
CVE-2008-7102 [HIGH] CWE-20 GHSA-mqhv-8fhf-vpwr: DotNetNuke 2
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/48345http://secunia.com/advisories/31893http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspxhttp://www.securityfocus.com/bid/31145https://exchange.xforce.ibmcloud.com/vulnerabilities/45077http://osvdb.org/48345http://secunia.com/advisories/31893http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspxhttp://www.securityfocus.com/bid/31145https://exchange.xforce.ibmcloud.com/vulnerabilities/45077
2009-08-27
Published