Search criteria
27 vulnerabilities found for cm3_acora_content_management_system by ddsn
FKIE_CVE-2025-25968
Vulnerability from fkie_nvd - Published: 2025-02-20 18:15 - Updated: 2025-09-30 20:05
Severity ?
Summary
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://ddsn.com | Product | |
| cve@mitre.org | https://github.com/padayali-JD/CVE-2025-25968 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 10.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2969D732-CC4D-4DB0-ADEF-71F520662B4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the \u0027file\u0027 parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation."
},
{
"lang": "es",
"value": "La versi\u00f3n 10.1.1 de cm3 Acora CMS de DDSN Interactive contiene una vulnerabilidad de control de acceso indebido. Un usuario con privilegios de editor puede acceder a informaci\u00f3n confidencial, como las credenciales del administrador del sistema, al forzar la navegaci\u00f3n en el endpoint y explotar el par\u00e1metro \u0027file\u0027. Al hacer referencia a archivos espec\u00edficos (por ejemplo, cm3.xml), los atacantes pueden eludir los controles de acceso, lo que lleva a la apropiaci\u00f3n de cuentas y a una posible escalada de privilegios."
}
],
"id": "CVE-2025-25968",
"lastModified": "2025-09-30T20:05:42.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T18:15:26.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://ddsn.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/padayali-JD/CVE-2025-25968"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22964
Vulnerability from fkie_nvd - Published: 2025-01-15 23:15 - Updated: 2025-10-03 12:53
Severity ?
Summary
DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/padayali-JD/CVE-2025-22964 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 10.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:10.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2969D732-CC4D-4DB0-ADEF-71F520662B4F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the \"table\" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en DDSN Net Pty Ltd (DDSN Interactive) DDSN Interactive cm3 Acora CMS 10.1.1 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro table."
}
],
"id": "CVE-2025-22964",
"lastModified": "2025-10-03T12:53:39.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-15T23:15:10.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/padayali-JD/CVE-2025-22964"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2013-4727
Vulnerability from fkie_nvd - Published: 2014-06-06 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 5.5.0\/1b-p1 | |
| ddsn | cm3_acora_content_management_system | 5.5.7\/12b | |
| ddsn | cm3_acora_content_management_system | 6.0.2\/1a | |
| ddsn | cm3_acora_content_management_system | 6.0.6\/1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\\/1b-p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D95207-B879-4B48-8291-DED095050BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\\/12b:*:*:*:*:*:*:*",
"matchCriteriaId": "13BA03F5-23CA-4489-B7C3-2DF288C2D2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6581FA-1636-42AA-9F14-467AE411F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "78FEE927-85E4-4274-8317-07C7166CFCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx."
},
{
"lang": "es",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, y posiblemente otras versiones, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud hacia Admin/top.aspx."
}
],
"id": "CVE-2013-4727",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-06T14:55:04.260",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96666"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4725
Vulnerability from fkie_nvd - Published: 2014-06-06 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 5.5.0\/1b-p1 | |
| ddsn | cm3_acora_content_management_system | 5.5.7\/12b | |
| ddsn | cm3_acora_content_management_system | 6.0.2\/1a | |
| ddsn | cm3_acora_content_management_system | 6.0.6\/1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\\/1b-p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D95207-B879-4B48-8291-DED095050BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\\/12b:*:*:*:*:*:*:*",
"matchCriteriaId": "13BA03F5-23CA-4489-B7C3-2DF288C2D2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6581FA-1636-42AA-9F14-467AE411F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "78FEE927-85E4-4274-8317-07C7166CFCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
},
{
"lang": "es",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 y posiblemente otras versiones, no configura la etiqueta de seguridad para una cookie no especificada en una sesi\u00f3n https, la que facilita a atacantes remotos capturar esta cookie mediante la intercepci\u00f3n de su transmisi\u00f3n con una sesi\u00f3n http."
}
],
"id": "CVE-2013-4725",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-06T14:55:04.197",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96664"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4728
Vulnerability from fkie_nvd - Published: 2014-06-06 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 5.5.0\/1b-p1 | |
| ddsn | cm3_acora_content_management_system | 5.5.7\/12b | |
| ddsn | cm3_acora_content_management_system | 6.0.2\/1a | |
| ddsn | cm3_acora_content_management_system | 6.0.6\/1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\\/1b-p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D95207-B879-4B48-8291-DED095050BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\\/12b:*:*:*:*:*:*:*",
"matchCriteriaId": "13BA03F5-23CA-4489-B7C3-2DF288C2D2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6581FA-1636-42AA-9F14-467AE411F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "78FEE927-85E4-4274-8317-07C7166CFCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the \"l\" parameter, which reveals the installation path in an error message."
},
{
"lang": "es",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, y posiblemente otras versiones, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un .. (punto punto) en el par\u00e1metro \u0027l\u0027, lo que revela la ruta de instalaci\u00f3n en un mensaje de error."
}
],
"id": "CVE-2013-4728",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-06T14:55:04.323",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96667"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4724
Vulnerability from fkie_nvd - Published: 2014-06-06 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 5.5.0\/1b-p1 | |
| ddsn | cm3_acora_content_management_system | 5.5.7\/12b | |
| ddsn | cm3_acora_content_management_system | 6.0.2\/1a | |
| ddsn | cm3_acora_content_management_system | 6.0.6\/1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\\/1b-p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D95207-B879-4B48-8291-DED095050BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\\/12b:*:*:*:*:*:*:*",
"matchCriteriaId": "13BA03F5-23CA-4489-B7C3-2DF288C2D2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6581FA-1636-42AA-9F14-467AE411F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "78FEE927-85E4-4274-8317-07C7166CFCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
},
{
"lang": "es",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, y posiblemente otras versiones, no incluye la etiqueta HTTPOnly en una cabecera Set-Cookie para una cookie no especificada, lo que facilita a atacantes remotos obtener informaci\u00f3n potencialmente sensible a trav\u00e9s de acceso de secuencias de comandos a est\u00e1 cookie."
}
],
"id": "CVE-2013-4724",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-06T14:55:04.133",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96664"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4726
Vulnerability from fkie_nvd - Published: 2014-04-25 17:12 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 5.5.0\/1b-p1 | |
| ddsn | cm3_acora_content_management_system | 5.5.7\/12b | |
| ddsn | cm3_acora_content_management_system | 6.0.2\/1a | |
| ddsn | cm3_acora_content_management_system | 6.0.6\/1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\\/1b-p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D95207-B879-4B48-8291-DED095050BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\\/12b:*:*:*:*:*:*:*",
"matchCriteriaId": "13BA03F5-23CA-4489-B7C3-2DF288C2D2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6581FA-1636-42AA-9F14-467AE411F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "78FEE927-85E4-4274-8317-07C7166CFCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 y posiblemente otras versiones, permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2013-4726",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-25T17:12:03.767",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96665"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4723
Vulnerability from fkie_nvd - Published: 2014-04-25 17:12 - Updated: 2025-04-12 10:46
Severity ?
Summary
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 5.5.0\/1b-p1 | |
| ddsn | cm3_acora_content_management_system | 5.5.7\/12b | |
| ddsn | cm3_acora_content_management_system | 6.0.2\/1a | |
| ddsn | cm3_acora_content_management_system | 6.0.6\/1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\\/1b-p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D95207-B879-4B48-8291-DED095050BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\\/12b:*:*:*:*:*:*:*",
"matchCriteriaId": "13BA03F5-23CA-4489-B7C3-2DF288C2D2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6581FA-1636-42AA-9F14-467AE411F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "78FEE927-85E4-4274-8317-07C7166CFCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx."
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n abierta en DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 y posiblemente otras versiones permite a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro l hacia track.aspx."
}
],
"id": "CVE-2013-4723",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-25T17:12:03.720",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96662"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-4722
Vulnerability from fkie_nvd - Published: 2014-04-25 17:12 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ddsn | cm3_acora_content_management_system | 5.5.0\/1b-p1 | |
| ddsn | cm3_acora_content_management_system | 5.5.7\/12b | |
| ddsn | cm3_acora_content_management_system | 6.0.2\/1a | |
| ddsn | cm3_acora_content_management_system | 6.0.6\/1a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.0\\/1b-p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D95207-B879-4B48-8291-DED095050BFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:5.5.7\\/12b:*:*:*:*:*:*:*",
"matchCriteriaId": "13BA03F5-23CA-4489-B7C3-2DF288C2D2B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.2\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "FC6581FA-1636-42AA-9F14-467AE411F7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ddsn:cm3_acora_content_management_system:6.0.6\\/1a:*:*:*:*:*:*:*",
"matchCriteriaId": "78FEE927-85E4-4274-8317-07C7166CFCD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en Admin/login/default.asp en DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 y posiblemente otras versiones permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) username, (2) url o (3) qstr."
}
],
"id": "CVE-2013-4722",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-25T17:12:03.673",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/96661"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-25968 (GCVE-0-2025-25968)
Vulnerability from cvelistv5 – Published: 2025-02-20 00:00 – Updated: 2025-02-20 19:43
VLAI?
Summary
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
Severity ?
6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-25968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:42:14.294882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:43:14.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the \u0027file\u0027 parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T17:29:28.611Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://ddsn.com"
},
{
"url": "https://github.com/padayali-JD/CVE-2025-25968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-25968",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-02-20T19:43:14.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22964 (GCVE-0-2025-22964)
Vulnerability from cvelistv5 – Published: 2025-01-15 00:00 – Updated: 2025-02-03 18:27
VLAI?
Summary
DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T16:43:42.647534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T18:27:25.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the \"table\" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T20:47:11.397Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/padayali-JD/CVE-2025-22964"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-22964",
"datePublished": "2025-01-15T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-03T18:27:25.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4728 (GCVE-0-2013-4728)
Vulnerability from cvelistv5 – Published: 2014-06-06 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96667"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the \"l\" parameter, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96667"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the \"l\" parameter, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96667",
"refsource": "OSVDB",
"url": "http://osvdb.org/96667"
},
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4728",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4724 (GCVE-0-2013-4724)
Vulnerability from cvelistv5 – Published: 2014-06-06 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96664"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"refsource": "OSVDB",
"url": "http://osvdb.org/96664"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4724",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4727 (GCVE-0-2013-4727)
Vulnerability from cvelistv5 – Published: 2014-06-06 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96666",
"refsource": "OSVDB",
"url": "http://osvdb.org/96666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4727",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4725 (GCVE-0-2013-4725)
Vulnerability from cvelistv5 – Published: 2014-06-06 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96664"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"refsource": "OSVDB",
"url": "http://osvdb.org/96664"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4725",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4726 (GCVE-0-2013-4726)
Vulnerability from cvelistv5 – Published: 2014-04-25 17:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96665"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96665"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96665",
"refsource": "OSVDB",
"url": "http://osvdb.org/96665"
},
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4726",
"datePublished": "2014-04-25T17:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4722 (GCVE-0-2013-4722)
Vulnerability from cvelistv5 – Published: 2014-04-25 17:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96661",
"refsource": "OSVDB",
"url": "http://osvdb.org/96661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4722",
"datePublished": "2014-04-25T17:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4723 (GCVE-0-2013-4723)
Vulnerability from cvelistv5 – Published: 2014-04-25 17:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96662",
"refsource": "OSVDB",
"url": "http://osvdb.org/96662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4723",
"datePublished": "2014-04-25T17:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-25968 (GCVE-0-2025-25968)
Vulnerability from nvd – Published: 2025-02-20 00:00 – Updated: 2025-02-20 19:43
VLAI?
Summary
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
Severity ?
6 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-25968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:42:14.294882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:43:14.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the \u0027file\u0027 parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T17:29:28.611Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://ddsn.com"
},
{
"url": "https://github.com/padayali-JD/CVE-2025-25968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-25968",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2025-02-07T00:00:00.000Z",
"dateUpdated": "2025-02-20T19:43:14.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22964 (GCVE-0-2025-22964)
Vulnerability from nvd – Published: 2025-01-15 00:00 – Updated: 2025-02-03 18:27
VLAI?
Summary
DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T16:43:42.647534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T18:27:25.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the \"table\" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T20:47:11.397Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/padayali-JD/CVE-2025-22964"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-22964",
"datePublished": "2025-01-15T00:00:00.000Z",
"dateReserved": "2025-01-09T00:00:00.000Z",
"dateUpdated": "2025-02-03T18:27:25.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4728 (GCVE-0-2013-4728)
Vulnerability from nvd – Published: 2014-06-06 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96667"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the \"l\" parameter, which reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96667",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96667"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the \"l\" parameter, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96667",
"refsource": "OSVDB",
"url": "http://osvdb.org/96667"
},
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4728",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4724 (GCVE-0-2013-4724)
Vulnerability from nvd – Published: 2014-06-06 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96664"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"refsource": "OSVDB",
"url": "http://osvdb.org/96664"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4724",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4727 (GCVE-0-2013-4727)
Vulnerability from nvd – Published: 2014-06-06 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96666",
"refsource": "OSVDB",
"url": "http://osvdb.org/96666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4727",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4725 (GCVE-0-2013-4725)
Vulnerability from nvd – Published: 2014-06-06 14:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96664"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-06T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96664"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96664",
"refsource": "OSVDB",
"url": "http://osvdb.org/96664"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4725",
"datePublished": "2014-06-06T14:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4726 (GCVE-0-2013-4726)
Vulnerability from nvd – Published: 2014-04-25 17:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96665"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96665"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96665",
"refsource": "OSVDB",
"url": "http://osvdb.org/96665"
},
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4726",
"datePublished": "2014-04-25T17:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4722 (GCVE-0-2013-4722)
Vulnerability from nvd – Published: 2014-04-25 17:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:27.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96661",
"refsource": "OSVDB",
"url": "http://osvdb.org/96661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4722",
"datePublished": "2014-04-25T17:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:27.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4723 (GCVE-0-2013-4723)
Vulnerability from nvd – Published: 2014-04-25 17:00 – Updated: 2024-08-06 16:52
VLAI?
Summary
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:52:26.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-25T16:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96662",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/122954/CM3-AcoraCMS-XSS-CSRF-Redirection-Disclosure.html"
},
{
"name": "96662",
"refsource": "OSVDB",
"url": "http://osvdb.org/96662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4723",
"datePublished": "2014-04-25T17:00:00",
"dateReserved": "2013-06-29T00:00:00",
"dateUpdated": "2024-08-06T16:52:26.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}