de-DEen-US
Blog_List
The leading Portal-, CMS-System and Framework on ASP.NET, the follower of Dotnetnuke.
 Matthias Schlomann
 28  3651  8/29/2018
Matthias has been a Core Member at DotNetNuke since 2005 and is part of the Quality Assurance team there. He also supports several DNN Module teams in quality assurance. Matthias was also honored as DNN * MVP in 2013 and 2014. Since October 2011 Matthias is also MCTS SharePoint 2010 Configuration. In the following years Matthias acquired further Microsoft and Axelos exams: 70-331: Core Solutions for Microsoft SharePoint Server 2013 70-332: Advanced Solutions for Microsoft SharePoint Server 2013 ITIL® Foundation Certificate in IT Service Management 70-339: Managing Microsoft SharePoint Server 2016 Matthias has experience in the Microsoft server environment since 1994 and supports networks with Windows Server, SharePoint, SQL Server, Lync, Exchange.
 Matthias Schlomann
 61  10224  8/22/2013
The blog about Microsoft products by Matthias Schlomann
 Matthias Schlomann
 18  3643  12/9/2015
The SharePoint Blog by Matthias Schlomann Matthias has been a Core Member at DotNetNuke since 2005 and is part of the Quality Assurance team there. He also supports several DNN Module teams in quality assurance. Matthias was also honored as DNN * MVP in 2013 and 2014. Since October 2011 Matthias is also MCTS SharePoint 2010 Configuration. In the following years Matthias acquired further Microsoft and Axelos exams: 70-331: Core Solutions for Microsoft SharePoint Server 2013 70-332: Advanced Solutions for Microsoft SharePoint Server 2013 ITIL® Foundation Certificate in IT Service Management 70-339: Managing Microsoft SharePoint Server 2016 Matthias has experience in the Microsoft server environment since 1994 and supports networks with Windows Server, SharePoint, SQL Server, Lync, Exchange.
 Matthias Schlomann
 3  150  8/29/2018
Categories
Blog

DNNBlog 06.00.00 upgrade security issue

By Matthias Schlomann on 9/12/2013

After upgrade the DnnBlog Module to Version 06.00.00 it could be possible that unauthenticated users have access to the 'Mange' and 'Edit Blog' Buttons, and can edit your Blog Posts.  This security issue caused on an error upgrading the Database to Version 06.00.00.  We have localized the issue and it would be fixed with the next release.

 

As it is a security issue we also have a Workaround for you:

 

  1. Login with host permissions
  2. Go to Host tab and select 'Execute SQL'
  3. Add the following script to the SQL tab and run it as script:
1.update {databaseOwner}{objectQualifier}Blog_Blogs set CreatedByUserID = OwnerUserId where CreatedByUserID is null

 

After you runing this script the security issue is gone and your blog is save.

    DNN Platform (Dotnetnuke)
    Blog
    bugfix
    DNN
    dnn blog
    DNN Platform
    DNNBlog
    DotNetNuke
    Fix
    Security
    Comments (1)
    Author
    Matthias Schlomann

    1 comment(s) so far...

    Matthias Schlomann
    Matthias Schlomann 

    Forget to say thank to Stefan Kamphuis who shows me how I have to use debug to search about issues. Thanks a lot! Stefan solved me much hours to search about the issue.
    Blog_Archive
    Blog_Tags
    Privacy Statement | Terms Of Use | © 1994-2024 by AARSYS - Matthias Schlomann