DNN Software's security team has discovered a vulnerability in a set of 3rd party components that are used in DNN. This post includes information for sites on DNN Platform (open source) and DNN Evoq (Content Basic, Content and Engage) v 7.1.2 and higher. Be sure to follow these instructions to ensure that your site isn’t compromised.
This vulnerability affects all versions of Evoq and DNN Platform.
In order to protect your site, you will need to download and install the security patch from DNN's website. You can install the package in the same way as any other DNN module.
If you need directions on how to install a DNN module, please see DNN's documentation for "Installing an Extension."
If you are concerned that your site has already been compromised, we encourage you to take advantage of DNN’s Security Analyzer (DNN 9+ users can simply go to Settings > Security > Security Analyzer in their site).
If your site is on a version of DNN that is older than 7.1.2, you have more potential issues than can be solved by this patch. Plus, you're missing out on the work that DNN has done for the past few years to improve the platform overall. If your website is valued, please look into upgrading to a current version of DNN ASAP. If you need help, we offer upgrades as a service. Please contact me, Jason Stone, via email or call me at 314-884-2448 for more information.