DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Go-To Security Consultant

New Around Here
Posts: 19

Anybody have any experience with any of the DNN consulting firms in regard to security related items?

I've got a reoccurring issue that I thought I fixed months ago by upgrading to 9.11.2, but the same issue has occurred again.

That's all the details I can give for now, but I'm looking for the best of the best when it comes to security/vulnerabilities to review our system to make sure it doesn't happen again.

Thanks!

Veteran Member
Posts: 838
Hi there
I think we can assist you best if you log your issue on https://github.com/dnnsof...urity/advisories/new
Veteran Member
Posts: 349
To add to Tycho's reply, that URL is THE place to report/discuss any potential security issue, as it allows having a more detailed private discussion and getting help from a team that knows a lot about DNN security. It is important, though, before getting into that:
1. Update to the latest DNN version
2. Remove Telerik
3. Make sure everything is green in the Security Analyzer

We care a lot about security and using that link is the first step, and then we can exchange the whole story and logs and whatnot in a private setting.
New Around Here
Posts: 19

Thanks for the reply, guys.

Sorry, I don't want to alarm anybody about any new vulnerabilities or anything, as I don't believe it's anything of that nature.

I've been in contact with the OG Mitchel Sellers, and he's been assisting.

I'll go ahead and log the issue on GitHub, though I'm not able to confirm everything as green on Security Analyzer as our site is currently offline. I can tell you we're on 9.11.2 and we still needed Telerik for some things, so it was patched with a newer DLL provided for free by Telerik.

New Around Here
Posts: 19

After looking at the vulnerability report page on GitHub, that doesn't look like something necessary for this.

I'll share this: we noticed files added to our root directory that weren't done by us. Also noticed AdSense ads being served that weren't ours.

After some digging and help from Mitchel, all signs point to an outdated (and unused) module. Unfortunately we missed it during the last upgrade as it isn't used. I don't want to slander the module provider's name, as this is more of an oversight on our part, but you can read more about it here if you want to see the fussing and fighting - Will will likely remember this post, haha.

Thanks

Veteran Member
Posts: 838

As people will follow the link, the vendor is still exposed. And the issue was broadcasted by DNN Corp as quite serious. To put it in perspective:

  • It is an issue dating from 7 years ago
  • It was the only issue (AFAIK) of this vendor in 15 years
  • The issue was solved and the modules are still maintained and features added 
Senior Member
Posts: 1607
Posted By Tycho de Waard (SU) on 3/27/2025 2:57 AM

As people will follow the link, the vendor is still exposed. And the issue was broadcasted by DNN Corp as quite serious. To put it in perspective:

  • It is an issue dating from 7 years ago
  • It was the only issue (AFAIK) of this vendor in 15 years
  • The issue was solved and the modules are still maintained and features added 

Thank you for documenting this again for the community and ecosystem, Tycho!  💪🏽 

 
