Our security team was recently informed of a security vulnerability in a third-party component suite that is used within DNN Products. It is critical that you follow the instructions provided in this post to ensure that your site isn’t compromised.
This vulnerability affects all versions of Evoq and DNN Platform.
In order to protect your site, you will need to download and install the Security Patch. You will install this package just like any other module in your site. Please follow the instructions in our documentation center for how to install an extension.
Essential Resources:
Please do not wait to protect your site. It will only take a few minutes to install the patch. For Evoq customers, Customer Support Team is also available to address any questions that you may have.
Frequently Asked Questions
What versions of DNN products are affected by this issue?
All DNN products since DNN 5.2 are affected. However, this patch only applies to versions 7.1.2 and higher.
What if I’m on a version older than 7.1.2?
There are other security vulnerabilities in versions prior to 7.1.2. This patch alone will not protect your site. You must upgrade to a newer version for this patch to work properly. Evoq customers may contact support for more information.
How do I install this patch?
You will install this patch just like any other module or extension. Please follow the steps outlined in our documentation center for installing modules.
What will happen if I don’t install this patch?
This patch is necessary to ensure that your site is secure. Failure to install this patch may compromise the security of your site.
Is it possible that my site has already been compromised?
We recommend using DNN’s Security Analyzer to check if your site has been compromised. Evoq customers may contact customer support for more details.
How do I access the Security Analyzer tool?
In version 9, you can access the Security Analyzer from Settings > Security > Security Analyzer. Older versions should download and install the Security Analyzer tool.
https://github.com/DNNCommunity/SecurityAnalyzer/releases
Where is the Security Bulletin about this issue?
We will post a security bulletin within the next week. We want to ensure that DNN customers have time to patch their sites properly.
What if I have more questions?
Evoq customers may create a support ticket to ask additional questions. Other DNN users may send an email to security@dnnsoftware.com.