HIGH🇵🇱 Wersja polska

CVE-2025-25967

CVSS 8.8v3.1pub. 2025-03-03upd. 2025-03-06

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery (CSRF). This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections allows exploitation via crafted requests.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Ddsn Acora Cms

    APP
    Ddsn
    10.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-63314CRITICAL10.0PL ✓ten sam vendor

Statyczny token resetowania hasła w DDSN Acora CMS umożliwia przejęcie konta

CVE-2025-22964HIGH8.1ten sam vendor

DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerabil...

CVE-2006-0221HIGH7.5ten sam vendor

SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 conte...

CVE-2025-25968MEDIUM6.0ten sam vendor

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-pri...

CVE-2013-4727MEDIUM5.0ten sam vendor

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows...