CVE-2008-7102 Information

Description

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files and possibly access privileged functionality via unknown vectors related to parameter validation.

Reference

http://osvdb.org/48345 http://secunia.com/advisories/31893 http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx http://www.securityfocus.com/bid/31145 https://exchange.xforce.ibmcloud.com/vulnerabilities/45077