Published: September 10, 2008
Maximum Severity Rating: Critical
DotNetNuke supports using parameters to change the current skin, to allow users to preview skin files and also to dynamically load functions on request.
Skin files are based on ASP.NET user controls (ascx) but add functionality such as security validation. Due to a weakness in validating the parameter, it is possible to load an existing ascx file directly rather than loading a skin file that then loads the control. In a limited number of scenarios this can allow certain existing controls to subvert the security mechanism and could result in users gaining access to admin or host functions. Code has been added to close this authentication blind spot.
This vulnerability only allows existing ascx files to be loaded, many of which have additional security checks, ensuring that they could not be exploited.
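The weakness described above is that the skin parameter is accepted as a path to any existing ascx file instead of being constrained to the skins tree. The following is an added example (not DotNetNuke's own code) of the kind of guard a skin loader needs before calling Page.LoadControl: it rejects traversal and absolute paths, requires the .ascx extension, and canonicalises the mapped path to confirm it still sits under the skins root. The virtual root ~/Portals/_default/Skins/ and the parameter name are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.UI;

// Added example, not DotNetNuke code. Validates a user-supplied skin parameter
// before it is handed to Page.LoadControl. Assumptions: skin files live under
// ~/Portals/_default/Skins/ (hypothetical path) and only *.ascx files inside
// that tree may be loaded.
public static class SkinParameterGuard
{
    private const string SkinsVirtualRoot = "~/Portals/_default/Skins/";

    // Returns the validated virtual path, or null if the request is rejected.
    public static string ResolveSkinPath(HttpServerUtility server, string requestedSkin)
    {
        if (string.IsNullOrEmpty(requestedSkin))
            return null;

        // Reject parent-directory segments, backslashes and absolute/rooted paths
        // before doing any file-system work.
        if (requestedSkin.Contains("..") || requestedSkin.Contains("\\") ||
            requestedSkin.StartsWith("/") || requestedSkin.StartsWith("~"))
            return null;

        // Only skin files may be loaded, never an arbitrary control.
        if (!requestedSkin.EndsWith(".ascx", StringComparison.OrdinalIgnoreCase))
            return null;

        string virtualPath = SkinsVirtualRoot + requestedSkin;

        // Canonicalise on disk and confirm the result is still inside the skins tree.
        string skinsRoot = Path.GetFullPath(server.MapPath(SkinsVirtualRoot));
        string candidate = Path.GetFullPath(server.MapPath(virtualPath));
        if (!candidate.StartsWith(skinsRoot, StringComparison.OrdinalIgnoreCase))
            return null;

        if (!File.Exists(candidate))
            return null;

        return virtualPath;
    }
}

// Usage inside a page or control (assumed parameter name "SkinSrc"):
//   string skin = SkinParameterGuard.ResolveSkinPath(Server, Request.QueryString["SkinSrc"]);
//   if (skin == null) { /* fall back to the default skin */ }
//   else { Control skinControl = Page.LoadControl(skin); }
```

The string checks alone are not sufficient, which is why the mapped path is canonicalised and compared against the skins root: a filter that only looks at the raw parameter can be bypassed by encodings or path forms the filter did not anticipate, whereas the canonical on-disk location is what the server will actually load.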
Affected DotNetNuke versions
Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (4.9.0 at time of writing).
DotNetNuke thanks the following for working with us to help protect users:
Click here to read more details on the DotNetNuke Security Policy.