DDSN Interactive cm3 Acora CMS Improper Access Control Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability has been identified in DDSN Interactive cm3 Acora CMS version 10.1.1, where improper access control allows editor-privileged users to access sensitive information, including system administrator credentials. This is achieved by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files, such as 'cm3.xml', attackers can bypass access controls, potentially leading to account takeover and privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information, such as administrator credentials, allowing for account takeover and privilege escalation.
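A log-review check for the access pattern described under Vulnerability, added here as an example and not taken from the vendor or the original advisory. It assumes web server logs in Combined Log Format with the authenticated user in the user field; the endpoint path and all sample lines are constructed placeholders, since the advisory does not name the endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined Log Format prefix: host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
SENSITIVE_FILES = {"cm3.xml"}  # the file named in the advisory; extend locally

def file_param_hits(target):
    """Return sensitive file names referenced by any 'file' query parameter."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() != "file":
            continue
        value = unquote(value)  # parse_qsl decoded once; undo a second layer too
        base = re.split(r"[\\/]", value)[-1].lower()  # compare on basename only
        if base in SENSITIVE_FILES:
            hits.append(base)
    return hits

def scan(lines):
    """Return one finding per log line whose 'file' parameter names a sensitive file."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        hits = file_param_hits(m["target"])
        if hits:
            findings.append({
                "ip": m["ip"], "user": m["user"], "time": m["ts"],
                "status": int(m["status"]), "files": hits,
                "served": m["status"].startswith("2"),  # 2xx: content was returned
            })
    return findings

# Constructed sample lines; the endpoint path is a placeholder, not the real one.
SAMPLE_LOG = [
    '198.51.100.7 - editor1 [09/Jun/2025:10:01:02 +0000] "GET /PLACEHOLDER-ENDPOINT?file=cm3.xml HTTP/1.1" 200 5120',
    '198.51.100.7 - editor1 [09/Jun/2025:10:01:09 +0000] "GET /PLACEHOLDER-ENDPOINT?id=4&FILE=CM3%2Exml HTTP/1.1" 403 210',
    '203.0.113.20 - editor2 [09/Jun/2025:10:02:00 +0000] "GET /PLACEHOLDER-ENDPOINT?file=logo.png HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `served` set to true for a non-administrator account are the ones to treat as possible credential exposure.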

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 5.0
exploitability: 5.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.