SOS! My site was disabled on hosting because it contains a vulnerable component Telerik.Web.UI, Version=2013.2.717.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4
The problem is described here: https://know.bishopfox.co...cution-in-telerik-ui
I must update the CMS so that this library is updated to version 2019.3.1023 or later.
My site version is DNN 9.5 now.
How do I do this? Help please!
The site was subjected to a serious, massive attack via a vulnerable Telerik. Telerik is deeply involved even in DNN version 9.5. It turns out that many sites may be under threat of attack now!
Hi Cary,
Not sure what you are looking for. The issue raised earlier in this thread has been taken care of in DNN versions after that. If you feel you have discovered a new vulnerability, please email your findings to [email protected]
AFAIK all known attack vectors for Telerik have been removed in 9.7.2 (so the vulnerable parts of it are not used by DNN or not accessible from the outside any more). In the near future Telerik will be removed completely.
The Telerik.Web.UI is vulnerable to exploit attack. We have had several websites hacked where multiple malicious files were uploaded. This was even after we had installed the latest upgrades - DNN 9.8.0. Telerik acknowledges that the Telerik.Web.UI is vulnerable and that the latest version, Telerik R1 2020 (2020.1.114), must be installed to prevent a hack. Because Telerik no longer ships with DNN by default, the version that we have is 2013, and if we want to continue using Telerik then we would need to purchase the latest version. We therefore removed the two Telerik DLLs. However, the DNN File manager then falls over because it is still dependent on the Telerik components. But this is preferable to having the sites hacked every few days.
We have already removed the Telerik Radcontrols, but this is not where the vulnerability is.
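
Added example, not part of the original thread or of DNN's own tooling: a PowerShell inventory that finds every Telerik.Web.UI assembly under a web root and flags copies older than a chosen minimum version. The `C:\inetpub` root, the function name `Get-TelerikInventory` and the default threshold (2020.1.114, the later of the two versions named in the posts above) are assumptions to adjust for your environment.

```powershell
# Added example: inventory Telerik.Web.UI assemblies under IIS site folders.
# $Root and the default $MinVersion are assumptions; set them for your hosts.
param(
    [string]$Root = 'C:\inetpub',          # assumed web root
    [version]$MinVersion = '2020.1.114'    # version named in the thread
)

function Get-TelerikInventory {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [version]$Minimum
    )

    Get-ChildItem -Path $Path -Recurse -File -Filter 'Telerik.Web.UI*.dll' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try {
                # Reads assembly metadata only; the DLL is not loaded into the session.
                $asm     = [System.Reflection.AssemblyName]::GetAssemblyName($file.FullName)
                $version = $asm.Version
                $status  = if ($version -lt $Minimum) { 'BELOW-MINIMUM' } else { 'OK' }
            }
            catch {
                # Not a valid .NET assembly or unreadable: worth a manual look.
                $version = $null
                $status  = 'UNREADABLE'
            }

            [pscustomobject]@{
                Status       = $status
                Version      = $version
                Assembly     = $file.Name
                LastWriteUtc = $file.LastWriteTimeUtc
                Path         = $file.FullName
            }
        }
}

# Flagged copies sort first; an empty result means no matching DLL was found.
Get-TelerikInventory -Path $Root -Minimum $MinVersion |
    Sort-Object Status, Path |
    Format-Table -AutoSize -Wrap
```

A copy reported as `OK` only means the file version meets the threshold; whether the component is reachable from outside depends on the DNN version and site configuration discussed in the thread.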