PT-2025-4752 · Ddsn Interactive · Ddsn Interactive Cm3 Acora Cms

Joby Y Daniel · Published 2025-01-15 · Updated 2025-10-03 · CVE-2025-22964

CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

DDSN Interactive cm3 Acora CMS version 10.1.1

Description

The issue is caused by insufficient input sanitization and validation in the table parameter, leading to an unauthenticated time-based blind SQL injection. This allows attackers to inject malicious SQL queries, enabling unauthorized access, manipulation of data, or exposure of sensitive information. The flaw poses significant risks to the integrity and confidentiality of the application.

Recommendations

For DDSN Interactive cm3 Acora CMS version 10.1.1, consider disabling the table parameter until a patch is available to prevent exploitation. Restrict access to sensitive data and ensure proper input validation and sanitization to minimize the risk of unauthorized access or data manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-22964

Affected Products

Ddsn Interactive Cm3 Acora Cms