CVE-2009-4109

N/A Unknown
Published: November 29, 2009 Modified: April 24, 2026
View on NVD

Description

The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://osvdb.org/60520
Source: cve@mitre.org
http://secunia.com/advisories/37480
Source: cve@mitre.org
Vendor Advisory
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
Source: cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/37139
Source: cve@mitre.org
http://osvdb.org/60520
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/37480
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/37139
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.3%
57th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

dnnsoftware

Related CVEs

CVE-2026-6786 8.1
CVE-2026-6785 8.1
CVE-2026-7041 3.7
CVE-2026-7039 7.8
CVE-2026-7038 3.3