Primary

Context

DNN Forceful Friend Request Acceptance Vulnerability

Vulnerability

Patched

A vulnerability in the friends feature of DNN (formerly DotNetNuke) web content management platform, affects versions 6.0.0 through prior to 10.2.2. The issue allows a user to manipulate a request that forces the acceptance of a friend request on behalf of another user.

Impact

Exploitation of this vulnerability could lead to unauthorized acceptance of friend requests, potentially allowing for unwanted social interactions or connections between users.

Remediation

Users can upgrade to DNN version 10.2.2, where this vulnerability has been patched. Instructions for upgrading DNN can be found in the DNN documentation.

Added: Apr 17, 2026, 10:33 PM

Updated: Apr 17, 2026, 10:33 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

5.4

remediation

7.7

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

5.4

remediation

7.7

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DNN Forceful Friend Request Acceptance Vulnerability

Vulnerability

Impact

Remediation

Affected Products

DNN

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating