CVE-2019-19392
📋 TL;DR
The forDNN.UsersExportImport module before version 1.2.0 for DNN (DotNetNuke) allows unprivileged users to import new user accounts with Administrator privileges by manipulating XML or CSV import data. This vulnerability affects DNN installations using the vulnerable module, enabling privilege escalation from low-privileged accounts to full administrative control.
💻 Affected Systems
- forDNN.UsersExportImport module for DNN (DotNetNuke)
📦 What is this software?
A third-party DNN (DotNetNuke) extension that bulk-exports and imports user accounts, including their role assignments, as XML or CSV files.
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains full administrative control over the DNN instance, allowing them to modify content, steal sensitive data, install backdoors, or completely compromise the system.
Likely Case
An attacker with any user account creates administrator accounts to take over the DNN portal, potentially leading to data theft, defacement, or further system compromise.
If Mitigated
With proper access controls and monitoring, unauthorized import attempts are detected and blocked, limiting impact to failed attack attempts.
🎯 Exploit Status
Exploitation requires at least a low-privileged user account. Attack involves crafting XML/CSV files with Administrator role assignments and using the import functionality.
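The flaw class described above, an importer that trusts the role names in the uploaded file, shown beside the server-side check that closes it. This is an added illustration, not forDNN's code and not the actual 1.2.0 fix; the CSV and XML layouts, the role names `Administrators` and `Registered Users`, and every function name are assumptions for the example, and the sample files are constructed.

```python
"""Added example (not forDNN's code): models the flaw class the advisory
describes and the server-side check that closes it. The CSV/XML layouts,
role names and function names are assumptions for illustration."""
import csv
import io
import xml.etree.ElementTree as ET

ADMIN_ROLE = "Administrators"         # assumption: DNN's default administrator role name
DEFAULT_ROLES = {"Registered Users"}  # assumption: roles any importer may grant

# Constructed sample inputs: a low-privileged user has added the admin role
SAMPLE_CSV = """Username,Email,Roles
alice,alice@example.com,Registered Users
mallory,mallory@example.com,Registered Users;Administrators
"""
SAMPLE_XML = """<users>
  <user username="bob" email="bob@example.com">
    <role>Registered Users</role>
    <role>Administrators</role>
  </user>
</users>"""


class ImportRejected(Exception):
    """Raised when the import contains a role the acting user may not grant."""


def parse_csv_import(text):
    """Return [{'username', 'email', 'roles'}] from the assumed CSV layout."""
    users = []
    for row in csv.DictReader(io.StringIO(text)):
        roles = {r.strip() for r in row["Roles"].split(";") if r.strip()}
        users.append({"username": row["Username"].strip(),
                      "email": row["Email"].strip(), "roles": roles})
    return users


def parse_xml_import(text):
    """Same shape from the assumed XML layout (use defusedxml for untrusted XML in production)."""
    users = []
    for el in ET.fromstring(text).findall("user"):
        roles = {r.text.strip() for r in el.findall("role") if r.text and r.text.strip()}
        users.append({"username": el.get("username", "").strip(),
                      "email": el.get("email", "").strip(), "roles": roles})
    return users


def import_users_vulnerable(users, actor_roles):
    """Flaw class from the advisory: role names in the file are applied as-is,
    regardless of who uploaded it (actor_roles is never consulted)."""
    return {u["username"]: set(u["roles"]) for u in users}


def assignable_roles(actor_roles):
    """Roles the acting user may grant: unrestricted (None) for admins, else the default set."""
    return None if ADMIN_ROLE in actor_roles else DEFAULT_ROLES


def import_users_hardened(users, actor_roles, strict=True):
    """Check every role in the file against the actor's own privileges.
    strict=True rejects the whole import; strict=False strips the forbidden roles."""
    allowed = assignable_roles(actor_roles)
    result = {}
    for u in users:
        roles = set(u["roles"])
        if allowed is not None:
            forbidden = roles - allowed
            if forbidden and strict:
                raise ImportRejected(
                    f"{u['username']}: actor may not grant {sorted(forbidden)}")
            roles -= forbidden
        result[u["username"]] = roles
    return result


if __name__ == "__main__":
    low_priv = {"Registered Users"}
    print("vulnerable:", import_users_vulnerable(parse_csv_import(SAMPLE_CSV), low_priv))
    try:
        import_users_hardened(parse_csv_import(SAMPLE_CSV), low_priv)
    except ImportRejected as exc:
        print("hardened (strict):", exc)
    print("hardened (strip):",
          import_users_hardened(parse_xml_import(SAMPLE_XML), low_priv, strict=False))
```

The check is format-independent: both parsers produce the same user records, and the decision is made on the acting user's roles, never on anything inside the file. Rejecting the whole import (strict mode) is the safer default, since a silently stripped role hides the attempt from the operator.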
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.0
Vendor Fix Reference (commit history; no separate advisory is linked): https://github.com/fordnn/usersexportimport/commits/master
Restart Required: No
Instructions:
1. Download the version 1.2.0 or later module package from the GitHub repository.
2. Install it through DNN's Extensions page (Install Extension) so that it replaces the existing UsersExportImport module files.
3. Confirm on DNN's Extensions page that the installed module version reads 1.2.0 or higher.
🔧 Temporary Workarounds
Disable or Remove Module
Temporarily disable or uninstall the UsersExportImport module until patching is possible.
Navigate to DNN Admin > Extensions > Uninstall UsersExportImport module
Restrict Module Access
Change module permissions to allow access only to Administrator roles.
Edit module permissions in DNN to remove access for non-administrative roles
🧯 If You Can't Patch
- Implement strict monitoring of user import activities and audit logs for suspicious administrator account creation
- Enforce principle of least privilege by reviewing and minimizing user access to import/export functionalities
🔍 How to Verify
Check if Vulnerable:
Check the installed version of UsersExportImport module in DNN Extensions page. If version is below 1.2.0, the system is vulnerable.
Check Version:
Check the DNN Extensions page, or examine the module files (the package's .dnn manifest carries the version) for version information
Verify Fix Applied:
Verify module version shows 1.2.0 or higher in DNN Extensions. Test import functionality with non-admin user to confirm privilege escalation is prevented.
📡 Detection & Monitoring
Log Indicators:
- Multiple user import attempts from non-admin accounts
- User creation events with Administrator role assignments
- Failed permission checks in module logs
Network Indicators:
- HTTP POST requests to UsersExportImport import endpoints from non-admin users
- XML/CSV file uploads containing 'Administrator' role strings
SIEM Query (field names are placeholders; map them to however your DNN event log is ingested):
source="dnn_logs" AND (event="user_import" OR event="user_creation") AND assigned_role="Administrator" AND NOT actor_role="Administrator"
Exclude on the acting account's role rather than on its username: a filter such as NOT user="admin" still fires on every other legitimate administrator who creates an admin account, while the condition that matters is an actor without the Administrator role granting it.
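The same detection logic run over sample events, as an added example that is not part of the original page: it flags creation or import events that grant the admin role when the acting account does not itself hold it, and separately counts import activity by non-admin accounts. The JSON-lines layout, field names and the role name `Administrators` are assumptions; DNN's event log and your SIEM export will differ, so map the fields before use. The log lines are constructed.

```python
"""Added detection example (not from the page or DNN): alert on user-creation or
import events where a non-admin actor grants the admin role. Log layout, field
names and sample lines are constructed for this example."""
import json

ADMIN_ROLE = "Administrators"  # assumption: DNN's default administrator role name
WATCHED_EVENTS = {"user_creation", "user_import"}

# Constructed JSON-lines sample of what a SIEM export of DNN events might look like
SAMPLE_LOG = """
{"ts":"2019-12-01T10:00:01Z","event":"user_creation","actor":"admin","actor_roles":["Administrators"],"target":"newadmin","roles":["Administrators"],"src_ip":"10.0.0.5"}
{"ts":"2019-12-01T10:05:22Z","event":"user_import","actor":"mallory","actor_roles":["Registered Users"],"target":"evil1","roles":["Registered Users","Administrators"],"src_ip":"203.0.113.7"}
{"ts":"2019-12-01T10:05:23Z","event":"user_import","actor":"mallory","actor_roles":["Registered Users"],"target":"evil2","roles":["Registered Users"],"src_ip":"203.0.113.7"}
{"ts":"2019-12-01T10:06:00Z","event":"user_creation","actor":"carol","actor_roles":["Administrators"],"target":"dave","roles":["Registered Users"],"src_ip":"10.0.0.9"}
{"ts":"2019-12-01T10:07:00Z","event":"login","actor":"mallory","actor_roles":["Registered Users"],"src_ip":"203.0.113.7"}
"""


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def privilege_escalation_alerts(events):
    """Events where an actor without the admin role grants it to a new account."""
    alerts = []
    for e in events:
        if e.get("event") not in WATCHED_EVENTS:
            continue
        if ADMIN_ROLE not in e.get("roles", []):
            continue
        if ADMIN_ROLE in e.get("actor_roles", []):
            continue  # an admin creating an admin: audit it, but it is not this CVE
        alerts.append(e)
    return alerts


def import_burst_alerts(events, threshold=1):
    """Secondary signal from the advisory: repeated import attempts by non-admin accounts."""
    counts = {}
    for e in events:
        if e.get("event") == "user_import" and ADMIN_ROLE not in e.get("actor_roles", []):
            counts[e["actor"]] = counts.get(e["actor"], 0) + 1
    return {actor: n for actor, n in counts.items() if n > threshold}


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for a in privilege_escalation_alerts(events):
        print(f"ALERT {a['ts']} {a['actor']} ({a['src_ip']}) granted {ADMIN_ROLE} to {a['target']}")
    print("import bursts by non-admins:", import_burst_alerts(events))
```

Note that the first line (the `admin` account creating `newadmin`) is not flagged: the decision is keyed on the actor's roles, not its name, so legitimate administrators do not generate noise and a renamed admin account does not evade the rule.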