Unrated severityNVD Advisory· Published Jan 15, 2025· Updated Feb 3, 2025
CVE-2025-22964
CVE-2025-22964
Description
DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- DDSN Interactive cm3/Acora CMSdescription
- Range: = 10.1.1
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.