Published: November 16, 2006
Version: 1.0
Maximum Severity Rating: Critical
Background
For the 3.3/4.3 releases of DotNetNuke, the membership/roles/provider components were significantly overhauled to allow better granularity of control, and to allow us to make a number of enhancements.
Issue Summary
During the process of rewriting the code to extend the Profile component, an issue was introduced where a user had the ability to inject javascript on the Role management page. This vulnerability allowed for potential hackers to enable access to functionality intended only for administrators/superusers i.e. a user account permission escalation.
Mitigating factors
The user must have access to edit the details of a user account to inject the required javascript.
Affected DotNetNuke versions
- 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 4.3.0, 4.3.1, 4.3.2 ,4.3.3, 4.3.4, 4.3.5
Non-Affected Versions:
Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (3.3.6/4.3.6 at time of writing)
Acknowledgments
DotNetNuke thanks the following for working with us to help protect users:
- David Kirby of Risborrow Information Systems Ltd.
Security Policy
Click here to read more details on the DotNetnuke Security Policy