CVE-2008-6399
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors.
Date published : 2009-03-05
http://www.securityfocus.com/bid/33109
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno24/tabid/1188/Default.aspx