CVE-2009-4109
published 2009-11-29CVE-2009-4109: The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an…
PriorityP422medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.23%
65.1th percentile
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
DotNetNuke up to 5.1.4 Install Wizard information disclosure (BID-37139 / SA37480)
vuldb·2026-04-29·CVSS 5.0
CVE-2009-4109 [MEDIUM] DotNetNuke up to 5.1.4 Install Wizard information disclosure (BID-37139 / SA37480)
A vulnerability marked as problematic has been reported in DotNetNuke. Impacted is an unknown function of the component Install Wizard. The manipulation leads to information disclosure.
This vulnerability is uniquely identified as CVE-2009-4109. The attack is possible to be carried out remotely. No exploit exists.
GHSA
GHSA-vc99-gqjv-x726: The install wizard in DotNetNuke 4
ghsa_unreviewed·2022-05-02
CVE-2009-4109 [MEDIUM] CWE-200 GHSA-vc99-gqjv-x726: The install wizard in DotNetNuke 4
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/60520http://secunia.com/advisories/37480http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspxhttp://www.securityfocus.com/bid/37139http://osvdb.org/60520http://secunia.com/advisories/37480http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspxhttp://www.securityfocus.com/bid/37139
2009-11-29
Published