Maximum Severity Rating: Low
DotNetNuke creates a series of log files for database operations during install and upgrade.
If during install/upgrade an error occurs, the exception details are written to the logfiles. There is a small possibility that information in these files could prove useful to a potential hacker.
In addition, the existance of log files can be helpful to hackers when attempting to profile an application to determine it's version.
Affected DotNetNuke versions
Fix(s) for issue
To fix this problem, you are recommended to update to the latest version of DotNetNuke (5.4.3 at time of writing).
Alternatively users can block access to log files by adding the following to their web.config's HttpHandler section.
<add verb="*" path="*.log" type="System.Web.HttpForbiddenHandler"/>
PowerDNN Engineering Team
Click here to read more details on the DotNetNuke Security Policy