Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Multiple vulnerabilities in DM Corporative CMS by Dmacroweb

Posted date 10/06/2025
Identificador
INCIBE-2025-0305
Importance
5 - Critical
Affected Resources

DM Corporative CMS, versions prior to 2025.01.

Description

INCIBE has coordinated the publication of 9 vulnerabilities: 4 of critical severity and 5 of medium severity, affecting DM Corporative CMS of Dmacroweb, a content management system. The vulnerabilities have been discovered by Oscar Atienza.

These vulnerabilities have been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:

  • CVE-2025-40654 to CVE-2025-40657: CVSS v4.0: 9.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-89
  • CVE-2025-40658 to CVE-2025-40661: CVSS v4.0: 6.9 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-639
  • CVE-2025-40662: CVSS v4.0: 6.9 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-200
Solution

The vulnerabilities have been fixed by the Dmacroweb team in version 2025.01.

Detail
  • A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases. The list of assigned parameters and identifiers is as follows:
    • CVE-2025-40654: name and cod parameters in /antbuspre.asp.
    • CVE-2025-40655: name parameter in /antcatalogue.asp.
    • CVE-2025-40656: cod parameter in /administer/node-selection/data.asp.
    • CVE-2025-40657: codform parameter in /modules/forms/collectform.asp.
  • An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area. The list of assigned parameters and identifiers is as follows:
    • CVE-2025-40658: option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
    • CVE-2025-40659: option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
    • CVE-2025-40660: option parameter equal to 0,1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
    • CVE-2025-40661: option parameter equal to 0,1 or 2 in /administer/selectionnode/selection.asp.
  • CVE-2025-40662: absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
References list
Manufacturer's website
Etiquetas