DotNetNuke multiple vulnerabilities
Description
DotNetNuke versions 5.6.6 and earlier, as well as versions 6.0.0 through 6.1.2, contain multiple security vulnerabilities that allow unauthorized access and information disclosure. These include: (1) A file enumeration weakness in DotNetNuke.RadEditorProvider that, owing to improper input validation, lets an attacker determine whether sensitive .resources and .config files exist; (2) A reflected cross-site scripting (XSS) vulnerability caused by insufficient sanitization of URL parameters before they are rendered to users; and (3) An authorization bypass flaw in user management functions that permits unauthorized users to perform administrative actions. In most cases these vulnerabilities can be exploited remotely without authentication.
Remediation
Immediately upgrade to a patched version of DotNetNuke to remediate these vulnerabilities:
• For DotNetNuke 5.x installations: Upgrade to version 5.6.8 or later
• For DotNetNuke 6.x installations: Upgrade to version 6.1.3 or later
After upgrading, perform the following verification steps:
1. Review user accounts and roles for any unauthorized modifications that may have occurred prior to patching
2. Audit server logs for suspicious file enumeration attempts or XSS exploitation patterns
3. Implement Content Security Policy (CSP) headers to provide defense-in-depth against XSS attacks
4. Ensure that all custom modules and extensions are also updated to compatible versions
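As an added example that is not part of this advisory or of DotNetNuke's code, the following Python script shows one way to carry out step 2 above on IIS W3C-format logs: it flags RadEditorProvider requests whose query names a .resources or .config file and query strings carrying reflected-XSS markers. The log field order, the handler path and the parameter names in the sample lines are constructed assumptions, not DotNetNuke's actual URLs.

```python
"""Added log-triage example (not DotNetNuke's own code): flags IIS W3C log
lines matching two advisory patterns, RadEditorProvider requests naming a
.resources/.config file, and query strings carrying reflected-XSS markers.
"""
import re
from urllib.parse import unquote

# Assumed field order; set these to match the "#Fields:" line of your own logs.
FIELD_INDEX = {"method": 3, "path": 4, "query": 5, "client_ip": 8, "status": 10}

SENSITIVE_FILE = re.compile(r"\.(resources|config)(\b|$)", re.IGNORECASE)
XSS_MARKERS = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)

# Constructed sample lines; the handler path and parameter names are illustrative only.
SAMPLE_LOG = """\
2024-01-15 10:01:02 10.0.0.5 GET /Default.aspx - 80 - 203.0.113.7 Mozilla/5.0 200
2024-01-15 10:01:09 10.0.0.5 GET /Providers/DotNetNuke.RadEditorProvider/example.ashx file=App_GlobalResources/Example.resources 80 - 203.0.113.7 Mozilla/5.0 200
2024-01-15 10:01:15 10.0.0.5 GET /Providers/DotNetNuke.RadEditorProvider/example.ashx file=web.config 80 - 203.0.113.7 Mozilla/5.0 200
2024-01-15 10:02:40 10.0.0.5 GET /Default.aspx returnurl=%3Cscript%3Ealert(1)%3C/script%3E 80 - 198.51.100.9 Mozilla/5.0 200
2024-01-15 10:03:01 10.0.0.5 GET /Default.aspx tabid=55 80 - 198.51.100.9 Mozilla/5.0 200
"""

def parse_line(line):
    """Split one W3C line into a dict; return None for comment or short lines."""
    if not line or line.startswith("#"):
        return None
    parts = line.split(" ")
    if len(parts) <= max(FIELD_INDEX.values()):
        return None
    rec = {name: parts[i] for name, i in FIELD_INDEX.items()}
    rec["query"] = "" if rec["query"] == "-" else unquote(rec["query"])
    return rec

def classify(rec):
    """Return the finding labels that apply to one parsed request."""
    findings = []
    if "radeditorprovider" in rec["path"].lower() and SENSITIVE_FILE.search(rec["query"]):
        findings.append("file-enumeration")
    if XSS_MARKERS.search(rec["query"]):
        findings.append("reflected-xss-probe")
    return findings

def scan(log_text):
    """Return (client_ip, path, labels) for every suspicious request in log_text."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and (labels := classify(rec)):
            hits.append((rec["client_ip"], rec["path"], labels))
    return hits
```

Running `scan(SAMPLE_LOG)` on the constructed lines reports the two .resources/.config probes from 203.0.113.7 and the script-tag probe from 198.51.100.9, while the ordinary page requests are not flagged.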
If immediate patching is not possible, apply temporary mitigations such as restricting access to the RadEditorProvider functionality and deploying Web Application Firewall (WAF) rules to filter malicious URL parameters.