DotNetNuke (formerly IBuySpy Workshop) 1.0.6 up to and including 1.0.10d allows remote malicious users to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dotnetnuke dotnetnuke 1.0.10d |
||
dotnetnuke dotnetnuke 1.0.8 |
||
dotnetnuke dotnetnuke 1.0.9 |
||
dotnetnuke dotnetnuke 1.0.6 |
||
dotnetnuke dotnetnuke 1.0.7 |