There was a recently discovered critical security issue with DNN (Dotnetnuke).
The bottom line of this is that there are no secure versions of DNN anymore lower than the latest release 9.6.1.
This is a reminder for anyone running DNN to upgrade their installations to the latest version.
We are seeing many instances of DNN being abused on a regular basis.
Issue Summary:
A malicious user may be able to replace or update files with specific file extensions with content of their selection, without being authenticated to the website.
DNN Security Center:
https://www.dnnsoftware.com/community/security/security-center
DNN 9.6.1 Download:
https://github.com/dnnsoftware/Dnn.Platform/releases/tag/v9.6.1
mardi, juin 23, 2020