Back to search
CVE-2004-2323
Published: Aug 16, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
10747
third-party-advisory
x_refsource_SECUNIA
3749
vdb-entry
x_refsource_OSVDB
9518
vdb-entry
x_refsource_BID
20040128 Dotnetnuke Multiple Vulnerabilities
mailing-list
x_refsource_FULLDISC
dotnetnuke-get-information-disclosure(14972)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now