CVE-2026-29597: n/a
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating the “file” parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure.
AI Analysis
Technical Summary
An improper access control vulnerability exists in DDSN Interactive cm3 Acora CMS version 10.7.1 where users with editor privileges can force browse the /Admin/file_manager/file_details.asp endpoint and manipulate the file parameter to retrieve sensitive configuration files such as cm3.xml. These files contain critical information including system administrator credentials, SMTP settings, and database credentials. Exploiting this vulnerability can lead to privilege escalation, account takeover, and systemic compromise of the CMS and its infrastructure. The CVSS 3.1 base score is 6.5 with network attack vector, low attack complexity, requiring privileges, no user interaction, unchanged scope, high confidentiality impact, no integrity or availability impact.
Potential Impact
Exposure of sensitive configuration files can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This vulnerability poses a critical risk of account takeover and privilege escalation despite the medium CVSS score.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict editor-level user access and monitor for unauthorized access attempts to the /Admin/file_manager/file_details.asp endpoint. Avoid granting editor privileges to untrusted users and consider additional access controls or web application firewall rules to limit access to sensitive endpoints.
CVE-2026-29597: n/a
Description
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating the “file” parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
An improper access control vulnerability exists in DDSN Interactive cm3 Acora CMS version 10.7.1 where users with editor privileges can force browse the /Admin/file_manager/file_details.asp endpoint and manipulate the file parameter to retrieve sensitive configuration files such as cm3.xml. These files contain critical information including system administrator credentials, SMTP settings, and database credentials. Exploiting this vulnerability can lead to privilege escalation, account takeover, and systemic compromise of the CMS and its infrastructure. The CVSS 3.1 base score is 6.5 with network attack vector, low attack complexity, requiring privileges, no user interaction, unchanged scope, high confidentiality impact, no integrity or availability impact.
Potential Impact
Exposure of sensitive configuration files can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This vulnerability poses a critical risk of account takeover and privilege escalation despite the medium CVSS score.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict editor-level user access and monitor for unauthorized access attempts to the /Admin/file_manager/file_details.asp endpoint. Avoid granting editor privileges to untrusted users and consider additional access controls or web application firewall rules to limit access to sensitive endpoints.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-04T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69ca9c6fe6bfc5ba1d472599
Added to database: 3/30/2026, 3:53:19 PM
Last enriched: 4/7/2026, 5:56:58 AM
Last updated: 5/15/2026, 7:54:57 AM
Views: 42
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.