Critical DNN Security Issues
Source: https://www.dnnsoftware.com/community/security/security-center
This page lists ONLY the CRITICAL security issues since 2012. Visit the above link to learn about 'medium', 'low' and other 'critical' issues.
Issue | Fixed in | Versions Affected |
---|---|---|
2018-13 (Critical) Possible Leaked Cryptographic Information | 9.2.2 | 5.0.0 up to 9.2.1 |
2017-08 (Critical) Possible remote code execution on DNN sites | 9.1.1 | 5.0.0 up to 9.1.0 |
2017-10 (Critical) Possibility of uploading malicious files to DNN sites | 9.1.1 | 5.2.0 up to 9.1.0 |
2017-05 (Critical) Revealing of Profile Properties | 9.0.2 | 6.2.0 up to 9.0.1 |
2016-06 (Critical) Unauthorized users may create new SuperUser accounts | 8.0.3 (Evoq 8.4.2) | 7.0.0 up to 8.0.2 |
2016-05 (Critical) Potential file upload by unauthenticated users | 8.0.2 (Evoq 8.4.1) | 8.0.0 up to 8.0.1 |
2016-04 (Critical) Potential CSRF issue on WebAPI POST requests | 8.0.1 (Evoq 8.4.0) | |
2015-05 (Critical) Unauthorized users may create new host accounts | 8.0.3 (Evoq 8.4.2) | 6.2.0 up to 9.0.1 |
2014-02 (Critical) Improve captcha logic & mitigate against automated registration attacks | 7.3.2 | up to 7.3.1 |
2013-02 (Critical) Protect against member directory filtering issue | 6.2.6 | 6.2.0 up to 6.2.5 |
2012-12 (Critical) Member directory results fail to apply extended visibility correctly | 6.2.5 | 6.2.1 up to 6.2.4 |
2012-2 (Critical) Non-approved users can access user and role functions | 5.6.7 | up to 5.6.6 |