Register | Log In
Store Download Support Blogs Forums Contact
News > Security Policy > Security bulletin no 24

User can gain access to additional roles

Published: December 24, 2008

Version: 1.0

Maximum Severity Rating: Critical

Background

DotNetNuke uses role membership to control access to content and modules

Issue Summary

An issue exists where a user with login details to a DotNetNuke site could add additional roles to their user account. Code has been added to stop this happening.

Mitigating factors

This vulnerability can only be exploited by users with a valid username/password combination on a website.

Affected DotNetNuke versions

  • 4.5.2 - 4.9

Non-Affected Versions:

  • All other versions

Fix(s) for issue

To fix this problem, you are recommended to update to the latest version of DotNetNuke (4.9.1 at time of writing)

Acknowledgments

N/A

Security Policy


Click here to read more details on the DotNetnuke Security Policy

Attend A Webinar
Try An Online Demo
Download DotNetNuke Professional Edition Trial
Have Someone Contact Me

Like Us on Facebook Join our Network on LinkedIn Follow DNN Corporate on Twitter Follow DNN on Twitter

Advertisers

Sponsors

DotNetNuke Corporation

DotNetNuke Corp. is the steward of the DotNetNuke open source project, the most widely adopted Web Content Management Platform for building web sites and web applications on Microsoft .NET. Organizations use DotNetNuke to quickly develop and deploy interactive and dynamic web sites, intranets, extranets and web applications. The DotNetNuke platform is available in a free Community and subscription-based Professional and Enterprise Editions with an Elite Support option. DotNetNuke Corp. also operates Snowcovered.com where users purchase third party apps for the platform.
Copyright © 2002-2012 DotNetNuke Corp. / Terms of Use / Privacy
Hosted by MaximumASP