CVE-2025-40660

Name of the Vulnerable Software and Affected Versions DM Corporative CMS (affected versions not specified)

Description An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the option parameter equal to 0, 1, or 2 in the "/administer/select node/data.asp" endpoint. The endpoint is accessed with parameters such as mode, id1, id2, session, cod, and networks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.