PT-2020-10153 · Dnn+1

Published: 2020-01-21 · Updated: 2020-02-05 · CVE-2019-19392

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

DNN (formerly DotNetNuke) forDNN.UsersExportImport module versions prior to 1.2.0

Description

The issue allows an unprivileged user to import new users with Administrator privileges by including specific roles in XML or CSV data, such as Roles="Administrators".

Recommendations

For versions prior to 1.2.0, update the forDNN.UsersExportImport module to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the user import functionality to prevent unauthorized creation of administrator accounts.

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2019-19392

Affected Products

Dnn
Fordnn.Usersexportimport