HIGH🇵🇱 Wersja polska

CVE-2006-0221

CVSS 7.5v2.0pub. 2006-01-16upd. 2026-04-16

SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Ddsn Cm3cms

    APP
    Ddsn
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-63314CRITICAL10.0PL ✓ten sam vendor

Statyczny token resetowania hasła w DDSN Acora CMS umożliwia przejęcie konta

CVE-2025-25967HIGH8.8ten sam vendor

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to tr...

CVE-2025-22964HIGH8.1ten sam vendor

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerabil...

CVE-2025-25968MEDIUM6.0ten sam vendor

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-pri...

CVE-2013-4724MEDIUM5.0ten sam vendor

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does n...