Dm Corporative CMS
by Dmacroweb
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40662 | 0.00 | — | 0.00 | Jun 10, 2025 | Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file. | ||
| CVE-2025-40661 | 0.00 | — | 0.00 | Jun 10, 2025 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp. | ||
| CVE-2025-40660 | 0.00 | — | 0.00 | Jun 10, 2025 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0. | ||
| CVE-2025-40659 | 0.00 | — | 0.00 | Jun 10, 2025 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp. | ||
| CVE-2025-40658 | 0.00 | — | 0.00 | Jun 10, 2025 | An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp. | ||
| CVE-2025-40657 | 0.00 | — | 0.00 | Jun 10, 2025 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp. | ||
| CVE-2025-40656 | 0.00 | — | 0.00 | Jun 10, 2025 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp. | ||
| CVE-2025-40655 | 0.00 | — | 0.00 | Jun 10, 2025 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp. | ||
| CVE-2025-40654 | 0.00 | — | 0.00 | Jun 10, 2025 | A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp. |
- CVE-2025-40662Jun 10, 2025risk 0.00cvss —epss 0.00
Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
- CVE-2025-40661Jun 10, 2025risk 0.00cvss —epss 0.00
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
- CVE-2025-40660Jun 10, 2025risk 0.00cvss —epss 0.00
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
- CVE-2025-40659Jun 10, 2025risk 0.00cvss —epss 0.00
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
- CVE-2025-40658Jun 10, 2025risk 0.00cvss —epss 0.00
An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
- CVE-2025-40657Jun 10, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
- CVE-2025-40656Jun 10, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
- CVE-2025-40655Jun 10, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
- CVE-2025-40654Jun 10, 2025risk 0.00cvss —epss 0.00
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.