MidnightBSD

Advisories for ddsn

CVE-2006-0221 HIGH

SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ddsn cm3cms *
CVE-2013-4722 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 5.5.7/12b
ddsn cm3_acora_content_management_system 6.0.6/1a
ddsn cm3_acora_content_management_system 6.0.2/1a
ddsn cm3_acora_content_management_system 5.5.0/1b-p1
CVE-2013-4723 MEDIUM

Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 5.5.7/12b
ddsn cm3_acora_content_management_system 6.0.6/1a
ddsn cm3_acora_content_management_system 6.0.2/1a
ddsn cm3_acora_content_management_system 5.5.0/1b-p1
CVE-2013-4724 MEDIUM

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 5.5.7/12b
ddsn cm3_acora_content_management_system 6.0.6/1a
ddsn cm3_acora_content_management_system 6.0.2/1a
ddsn cm3_acora_content_management_system 5.5.0/1b-p1
CVE-2013-4725 MEDIUM

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 5.5.7/12b
ddsn cm3_acora_content_management_system 6.0.6/1a
ddsn cm3_acora_content_management_system 6.0.2/1a
ddsn cm3_acora_content_management_system 5.5.0/1b-p1
CVE-2013-4726 MEDIUM

Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 5.5.7/12b
ddsn cm3_acora_content_management_system 6.0.6/1a
ddsn cm3_acora_content_management_system 6.0.2/1a
ddsn cm3_acora_content_management_system 5.5.0/1b-p1
CVE-2013-4727 MEDIUM

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 5.5.7/12b
ddsn cm3_acora_content_management_system 6.0.6/1a
ddsn cm3_acora_content_management_system 6.0.2/1a
ddsn cm3_acora_content_management_system 5.5.0/1b-p1
CVE-2013-4728 MEDIUM

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 5.5.7/12b
ddsn cm3_acora_content_management_system 6.0.6/1a
ddsn cm3_acora_content_management_system 6.0.2/1a
ddsn cm3_acora_content_management_system 5.5.0/1b-p1
CVE-2025-22964

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 10.1.1
CVE-2025-25967

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N 2.3 4.0

Products Affected

Vendor Product Version
ddsn acora_cms 10.1.1
CVE-2025-25968

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H 1.2 4.7

Products Affected

Vendor Product Version
ddsn cm3_acora_content_management_system 10.1.1
CVE-2025-63314

A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L 3.9 6.0

Products Affected

Vendor Product Version
ddsn cm3_acora_cms 10.7.1