DM Corporative CMS IDOR Vulnerability in Private Area Access

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in DM Corporative CMS, versions prior to 2025.01. It enables an attacker to access the private area by manipulating the option parameter in a specific administrative data management endpoint.

Impact

Exploitation of this vulnerability allows unauthorized access to the private area of the application.

Reproduction

To reproduce this vulnerability, send a request to the '/administer/select node/data.asp' endpoint with the 'mode' parameter set to 'catalogue', 'id1' and 'id2' set to '1', and 'networks' set to '0'. Include the 'option' parameter with a value of '0', '1', or '2'.

Remediation

Users are advised to update to DM Corporative CMS version 2025.01.
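
To check web server access logs for the request described under Reproduction, the following is an added example, not part of the original advisory or the vendor's code. It assumes a common/combined access log format; the sample log lines are constructed, and the endpoint path and parameter values are copied from the advisory text.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter values exactly as given in the advisory text.
ENDPOINT = "/administer/select node/data.asp"
FIXED = {"mode": "catalogue", "id1": "1", "id2": "1", "networks": "0"}
OPTION_VALUES = {"0", "1", "2"}

# Assumption: common/combined access log layout with a quoted request line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def matches_advisory(target):
    """True if the request target has the endpoint and parameters from the advisory."""
    parts = urlsplit(target)
    # Decode %20 and compare case-insensitively (the space may also be logged as '+').
    path = unquote(parts.path).replace("+", " ").lower()
    if path != ENDPOINT:
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {k.lower(): v[-1] for k, v in query.items()}
    if any(params.get(k, "").lower() != v for k, v in FIXED.items()):
        return False
    return params.get("option") in OPTION_VALUES

def scan(lines):
    """Return (ip, status, target) for each log line matching the advisory's request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and matches_advisory(m.group("target")):
            hits.append((m.group("ip"), int(m.group("status")), m.group("target")))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2025:10:00:01 +0000] "GET /administer/select%20node/data.asp?mode=catalogue&id1=1&id2=1&networks=0&option=1 HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Sep/2025:10:00:05 +0000] "GET /index.asp?id=3 HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Sep/2025:10:00:09 +0000] "GET /Administer/Select%20Node/Data.asp?option=2&networks=0&id2=1&id1=1&mode=catalogue HTTP/1.1" 302 0',
    '192.0.2.10 - - [01/Sep/2025:10:01:00 +0000] "GET /administer/select%20node/data.asp?mode=catalogue&id1=1&id2=1&networks=0&option=9 HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

A hit only shows that the request pattern from the advisory was logged; the response status and size still have to be reviewed to judge whether private-area content was returned.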

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 7.7
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.