Main Vulnerability Database Vulnerabilities #VU41928

Input validation error in DotNetNuke - CVE-2013-7335

Published: March 12, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41928

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-7335

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: DNN

Affected software:
DotNetNuke

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

How to mitigate CVE-2013-7335

Install update from vendor's website.

Sources

http://secunia.com/advisories/53493
http://www.dnnsoftware.com/platform/manage/security-center
http://www.securityfocus.com/bid/61809

Input validation error in DotNetNuke - CVE-2013-7335

Detailed vulnerability description

How to mitigate CVE-2013-7335

Sources

Please verify you're human