Dm Corporative Cms
Monthly
CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.
CVE-2025-40661 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated attackers to bypass authentication and access the private administrative area by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/selection.asp endpoint. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact, indicating potential exposure of sensitive administrative data. No KEV status, EPSS score, or confirmed POC availability was provided in the source data, limiting definitive assessment of active exploitation.
CVE-2025-40660 is a security vulnerability (CVSS 7.5) that allows an attacker. High severity vulnerability requiring prompt remediation.
CVE-2025-40659 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated attackers to bypass access controls and view the private administrative area by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelectionNetworks.asp endpoint. This high-severity vulnerability (CVSS 7.5) has a high confidentiality impact but does not enable data modification or service disruption. No active exploitation in the wild (KEV) or public proof-of-concept has been confirmed in available intelligence, but the vulnerability's simplicity and unauthenticated attack vector make it a significant priority for affected organizations.
CVE-2025-40658 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to bypass access controls and view private administrative areas by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelection.asp endpoint. The vulnerability has a CVSS 3.1 score of 7.5 (High) with high confidentiality impact, no privilege requirement, and no user interaction needed, making it a significant authentication bypass risk for affected CMS installations.
Critical unauthenticated SQL injection vulnerability in DM Corporative CMS affecting the /modules/forms/collectform.asp endpoint via the 'codform' parameter, allowing remote attackers to execute arbitrary SQL commands without authentication. This vulnerability enables complete database compromise including data exfiltration, modification, and deletion with a CVSS score of 9.8. The exploitation likelihood depends on patch availability and active threat actor interest, though the network-accessible nature and lack of authentication requirements make this a severe priority for affected organizations.
Critical SQL injection vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to execute arbitrary SQL commands through the 'cod' parameter in the /administer/node-selection/data.asp endpoint. This enables complete database compromise including unauthorized retrieval, creation, modification, and deletion of data. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this represents an extremely high-severity threat to all exposed instances; exploitation status and proof-of-concept availability should be verified against current KEV and EPSS data.
Critical SQL injection vulnerability in DM Corporative CMS affecting the /antcatalogue.asp endpoint's 'name' parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands with complete database compromise (retrieval, creation, modification, deletion). With a CVSS 9.8 score, zero authentication requirements, and network-accessible attack surface, this vulnerability represents an immediate and severe risk to all exposed instances; exploitation likelihood is extremely high given the straightforward injection point and lack of input validation.
A critical SQL injection vulnerability (CVE-2025-40654) exists in DM Corporative CMS affecting the /antbuspre.asp endpoint, where the 'name' and 'cod' parameters are not properly sanitized. This unauthenticated, network-accessible vulnerability allows remote attackers to execute arbitrary SQL commands, enabling complete database compromise including data exfiltration, modification, and destruction. With a CVSS 9.8 score and network-exploitable attack surface, this represents a critical production risk if DM Corporative CMS is internet-facing.
CVE-2025-40662 is an absolute path disclosure vulnerability in DM Corporative CMS that exposes sensitive filesystem information when an attacker requests non-existent files within the webroot/file directory. This high-severity information disclosure (CVSS 7.5) affects DM Corporative CMS users and allows unauthenticated remote attackers to enumerate and discover the absolute filesystem paths of the application, which typically precedes further exploitation. The vulnerability has not been confirmed as actively exploited in the wild (KEV status unknown from provided data), but represents a significant reconnaissance vector with minimal attack complexity.
CVE-2025-40661 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated attackers to bypass authentication and access the private administrative area by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/selection.asp endpoint. The vulnerability has a CVSS score of 7.5 (High) with high confidentiality impact, indicating potential exposure of sensitive administrative data. No KEV status, EPSS score, or confirmed POC availability was provided in the source data, limiting definitive assessment of active exploitation.
CVE-2025-40660 is a security vulnerability (CVSS 7.5) that allows an attacker. High severity vulnerability requiring prompt remediation.
CVE-2025-40659 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated attackers to bypass access controls and view the private administrative area by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelectionNetworks.asp endpoint. This high-severity vulnerability (CVSS 7.5) has a high confidentiality impact but does not enable data modification or service disruption. No active exploitation in the wild (KEV) or public proof-of-concept has been confirmed in available intelligence, but the vulnerability's simplicity and unauthenticated attack vector make it a significant priority for affected organizations.
CVE-2025-40658 is an Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to bypass access controls and view private administrative areas by manipulating the 'option' parameter (values 0, 1, or 2) in the /administer/selectionnode/framesSelection.asp endpoint. The vulnerability has a CVSS 3.1 score of 7.5 (High) with high confidentiality impact, no privilege requirement, and no user interaction needed, making it a significant authentication bypass risk for affected CMS installations.
Critical unauthenticated SQL injection vulnerability in DM Corporative CMS affecting the /modules/forms/collectform.asp endpoint via the 'codform' parameter, allowing remote attackers to execute arbitrary SQL commands without authentication. This vulnerability enables complete database compromise including data exfiltration, modification, and deletion with a CVSS score of 9.8. The exploitation likelihood depends on patch availability and active threat actor interest, though the network-accessible nature and lack of authentication requirements make this a severe priority for affected organizations.
Critical SQL injection vulnerability in DM Corporative CMS that allows unauthenticated remote attackers to execute arbitrary SQL commands through the 'cod' parameter in the /administer/node-selection/data.asp endpoint. This enables complete database compromise including unauthorized retrieval, creation, modification, and deletion of data. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this represents an extremely high-severity threat to all exposed instances; exploitation status and proof-of-concept availability should be verified against current KEV and EPSS data.
Critical SQL injection vulnerability in DM Corporative CMS affecting the /antcatalogue.asp endpoint's 'name' parameter, allowing unauthenticated remote attackers to execute arbitrary SQL commands with complete database compromise (retrieval, creation, modification, deletion). With a CVSS 9.8 score, zero authentication requirements, and network-accessible attack surface, this vulnerability represents an immediate and severe risk to all exposed instances; exploitation likelihood is extremely high given the straightforward injection point and lack of input validation.
A critical SQL injection vulnerability (CVE-2025-40654) exists in DM Corporative CMS affecting the /antbuspre.asp endpoint, where the 'name' and 'cod' parameters are not properly sanitized. This unauthenticated, network-accessible vulnerability allows remote attackers to execute arbitrary SQL commands, enabling complete database compromise including data exfiltration, modification, and destruction. With a CVSS 9.8 score and network-exploitable attack surface, this represents a critical production risk if DM Corporative CMS is internet-facing.