Two hyper-critical security flaws in the standard DotNetNuke framework have been discovered by the leader in DotNetNuke Services and Solutions, PowerDNN.

Two Hyper-Critical security flaws in the standard DotNetNuke Framework have been discovered by the PowerDNN Engineering Team, as lead by Mr. Tony Valenti and Mr. Joseph Ravioli, as of Yesterday evening at 9:47PM US Central Time. These security flaws, if left unpatched, would allow any website visitor to alter the DotNetNuke web.config file as well as remotely execute SQL scripts against the DotNetNuke database. To create patches for all affected versions of DotNetNuke, since last night, the entire PowerDNN engineering team has been working around the clock. These patches have been created and deployed to all PowerDNN customers, as of 7:42PM US Central Time.

Regarding these vulnerabilities, PowerDNN will be gradually releasing more details to the general community. It is especially important for them to approach this issue in a sensitive and confidential manner, because of the large number of people running un-patched, standard versions of DotNetNuke. An online DotNetNuke Website Scanner, to aide with this, is now available from PowerDNN DNN Hosting.

PowerDNN.com, founded in 2002, is the full circle DotNetNuke solutions provider, servicing organizations ranging from small businesses to Fortune 500 Companies to the Federal Government of the United States of America. PowerDNN, specializing in high-reliability, business-critical DotNetNuke solutions, is the clear choice of business and technology experts who demand exceptional customer service and enterprise engineering support for DotNetNuke.