CVE-2025-40656

EUVD-2025-17653 | CRITICAL | CVSS 3.1: 9.8
2025-06-10 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 19:49 (euvd), EUVD-2025-17653
Analysis Generated: Mar 14, 2026 - 19:49 (vuln.today)
CVE Published: Jun 10, 2025 - 10:15 (nvd), CRITICAL 9.8

Description

A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.

Analysis

Critical SQL injection vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to execute arbitrary SQL commands through the 'cod' parameter in the /administer/node-selection/data.asp endpoint. This enables complete database compromise including unauthorized retrieval, creation, modification, and deletion of data. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this represents an extremely high-severity threat to all exposed instances; exploitation status and proof-of-concept availability should be verified against current KEV and EPSS data.

Technical Context

This vulnerability is a classic SQL injection (CWE-89) flaw occurring in an Active Server Pages (ASP) application layer. The DM Corporative CMS application fails to properly sanitize or parameterize user input from the 'cod' parameter before incorporating it into SQL queries. The vulnerable endpoint '/administer/node-selection/data.asp' processes HTTP requests without adequate input validation or prepared statement usage, allowing attackers to inject malicious SQL syntax. ASP-based applications using dynamic query construction without parameterized queries or ORM frameworks are particularly susceptible to this attack class. The 'administer' path designation suggests this is an administrative interface, which may imply some architectural intent for restricted access that is being bypassed through the absence of authentication controls (PR:N in CVSS vector).

Affected Products

DM Corporative CMS (specific version range not provided in description; vendor advisory should clarify affected versions from 1.0 through current release). CPE would likely follow pattern: cpe:2.3:a:dm:corporative_cms:*:*:*:*:*:*:*:* (version wildcard pending vendor clarification). The vulnerability is triggered through the HTTP request path /administer/node-selection/data.asp, indicating ASP-based runtime (Microsoft IIS or compatible). All instances of DM Corporative CMS exposed to network access (internal or external) are affected. Default installations are at risk; hardening measures (IP whitelisting, WAF rules) may reduce exposure but do not eliminate the vulnerability. Vendor advisory and patch documentation should specify exact version ranges and any configuration-dependent factors.

Remediation

IMMEDIATE:
(1) Apply the vendor security patch for DM Corporative CMS as soon as it is released; coordinate with the vendor on version-specific patch availability.
(2) Implement input validation and parameterized SQL queries (prepared statements) using the underlying database driver: validate the 'cod' parameter against its expected format (alphanumeric, numeric-only, etc.) and use parameterized query syntax (e.g., SQL parameters, prepared statements) to eliminate injection.
(3) Apply the principle of least privilege: ensure the database service account has only the minimal required permissions (SELECT-only for read operations, exclude DROP/DELETE if not required).
(4) Deploy Web Application Firewall (WAF) rules to detect and block SQL injection patterns in the 'cod' parameter; monitor for `' OR '1'='1`, `'; DROP TABLE`, and other common SQL injection payloads.
(5) Restrict access to /administer/* paths via network-level controls (IP whitelisting, VPN requirement) pending patch availability.
(6) Immediately review SQL audit logs for indicators of compromise (unusual DELETE/DROP activity, data exfiltration patterns). Monitor backup integrity.

REFERENCES: Check the DM Corporative CMS vendor security advisory, GitHub security advisories, and the vendor patch portal for specific version patches and hotfixes.
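Steps (4) and (6) both depend on spotting abnormal 'cod' values. The following is an added example (not code from vuln.today or the vendor) that audits IIS W3C-format access logs for requests to the affected endpoint whose decoded `cod` value falls outside an allowlist. The allowlist pattern, the presence of the `date`, `time`, `cs-uri-stem`, `cs-uri-query` and `c-ip` columns, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

ENDPOINT = "/administer/node-selection/data.asp"  # path named in the advisory
# Assumption: legitimate 'cod' values are short alphanumeric identifiers.
COD_ALLOWED = re.compile(r"[A-Za-z0-9]{1,32}")

# Constructed sample log (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-06-11 08:01:12 GET /administer/node-selection/data.asp cod=1042 192.0.2.10 200
2025-06-11 08:03:40 GET /administer/node-selection/data.asp cod=%27+OR+%271%27%3D%271 198.51.100.7 200
2025-06-11 08:03:55 GET /Administer/Node-Selection/data.asp COD=%27%3B+DROP+TABLE 198.51.100.7 500
2025-06-11 08:05:00 GET /index.asp cod=%27 192.0.2.10 200
"""

def suspicious_requests(lines):
    """Yield (date, time, client_ip, decoded_cod) for out-of-policy 'cod' values."""
    cols = {}
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # W3C logs declare their column order; read it instead of guessing.
            cols = {name: i for i, name in enumerate(line.split()[1:])}
            continue
        if not line or line.startswith("#") or not cols:
            continue
        f = line.split(" ")
        # IIS paths are case-insensitive, so compare the stem in lower case.
        if len(f) < len(cols) or f[cols["cs-uri-stem"]].lower() != ENDPOINT:
            continue
        # parse_qsl percent-decodes; blank values are kept so 'cod=' is checked too.
        for key, value in parse_qsl(f[cols["cs-uri-query"]], keep_blank_values=True):
            # Classic ASP treats query-string keys case-insensitively.
            if key.lower() == "cod" and not COD_ALLOWED.fullmatch(value):
                yield f[cols["date"]], f[cols["time"]], f[cols["c-ip"]], value

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG.splitlines()):
        print(*hit, sep="\t")
```

Tighten `COD_ALLOWED` to whatever format the application actually issues for `cod`; an allowlist flags encoded or obfuscated values that a signature list of known payloads would miss.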

Priority Score

49
KEV: 0
EPSS: +0.1
CVSS: +49
POC: 0
