Published: May 27, 2008

Version: 1.0

Maximum Severity Rating: Critical

Background

During installation or upgrade DotNetNuke runs through database scripts in sequence to create the database schema and insert various pieces of data.

Issue Summary

It is possible to remotely force DotNetNuke to run through it's install wizard. This could cause the SQL commands in the database scripts included with the application to re-execute. Since the database scripts are not designed to be re-executed; this could cause data loss or corruption in an installation.

Mitigating factors

This exploit relies on SQL scripts being located in a specific default installation location for the DotNetNuke application. Since there is no way for an attacker to upload their own SQL scripts to this folder, the risk of arbitrary SQL script execution is not a factor.

Affected DotNetNuke versions

3.0 - 4.8.2 inclusive.

Non-Affected Versions:

All other versions

Fix(s) for issue

To fix this problem, you are recommended to update to the latest version of DotNetNuke (4.8.3 at time of writing).

If you unable to upgrade to the latest version, you can rename or delete the following file from your installation: /Install/InstallWizard.aspx .

Acknowledgments

Tony Valenti and Joseph Ravioli

Security Policy

Click here to read more details on the DotNetNuke Security Policy