DDSN cm3 Acora Content Management System vulnerabilities
9 known vulnerabilities affecting ddsn/cm3_acora_content_management_system.
Total CVEs: 9
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 8
Vulnerabilities
CVE-2025-22964 | P3 | HIGH | CVSS 8.1 | CWE-89 | v10.1.1 | 2025-01-15
DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or vali
nvd
CVE-2013-4727 | P4 | MEDIUM | CVSS 5.0 | PoC | CWE-200 | v5.5.0/1b-p1, v5.5.7/12b, +2 more | 2014-06-06
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
nvd
CVE-2025-25968 | P4 | MEDIUM | CVSS 6.0 | CWE-284 | v10.1.1 | 2025-02-20
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls,
nvd
CVE-2013-4726 | P4 | MEDIUM | CVSS 6.8 | CWE-352 | v5.5.0/1b-p1, v5.5.7/12b, +2 more | 2014-04-25
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2013-4725 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v5.5.0/1b-p1, v5.5.7/12b, +2 more | 2014-06-06
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
nvd
CVE-2013-4723 | P4 | MEDIUM | CVSS 5.8 | CWE-20 | v5.5.0/1b-p1, v5.5.7/12b, +2 more | 2014-04-25
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
nvd
CVE-2013-4724 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v5.5.0/1b-p1, v5.5.7/12b, +2 more | 2014-06-06
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
nvd
CVE-2013-4722 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v5.5.0/1b-p1, v5.5.7/12b, +2 more | 2014-04-25
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, or (3) qstr parameter.
nvd
CVE-2013-4728 | P4 | MEDIUM | CVSS 5.0 | CWE-200 | v5.5.0/1b-p1, v5.5.7/12b, +2 more | 2014-06-06
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
nvd