Description
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating the “file” parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure.
Published: 2026-03-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

Acora CMS version 10.7.1 contains an improper access control weakness that allows an editor‑privileged user to read sensitive configuration files by manipulating the file parameter on the /Admin/file_manager/file_details.asp endpoint. The vulnerability is classified as CWE‑284 and results in the exposure of system administrator credentials, SMTP settings, database connections, and other confidential information. Once these credentials are obtained, an attacker can gain full administrative control of the CMS, access email services, compromise linked databases, move laterally within the network, and establish long‑term persistence.

Affected Systems

The affected software is Acora CMS v10.7.1. No other vendors or products are listed; the vulnerability is specific to this version of the CMS.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity vulnerability. The EPSS score is below 1%, suggesting a low probability of exploitation, and the flaw is not recorded in the CISA KEV catalog. Exploitation is possible over the web, requiring only that the user have editor privileges. If such a user exists, the attacker can retrieve privileged information, evolving the issue into a full account takeover. The overall risk is moderate due to the credential exposure and potential for systemic compromise.

Generated by OpenCVE AI on April 3, 2026 at 18:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that the system is running Acora CMS v10.7.1 or another vulnerable version.
  • Apply any vendor‑issued patch or update the CMS to a version that removes the improper access control.
  • If a patch is unavailable, restrict access to the /Admin/file_manager/file_details.asp endpoint to administrators only and require authentication for sensitive files.
  • Rename or relocate configuration files (e.g., cm3.xml) so they are not exposed through the file manager.
  • Monitor web application logs for attempts to read file_details.asp and investigate any unauthorized activity.

Generated by OpenCVE AI on April 3, 2026 at 18:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Title Acora CMS v10.7.1 Improper Access Control Exposes Sensitive Files

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests. DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating the “file” parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure.

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Ddsn
Ddsn acora Cms
Vendors & Products Ddsn
Ddsn acora Cms

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Title Acora CMS v10.7.1 Improper Access Control Exposes Sensitive Files

Mon, 30 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Incorrect access control in the file_details.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allows attackers with editor privileges to access sensitive files via crafted requests.
References

Subscriptions

Ddsn Acora Cms
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-03T15:16:33.427Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-29597

cve-icon Vulnrichment

Updated: 2026-03-30T18:18:22.323Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-30T16:16:04.310

Modified: 2026-04-03T16:16:36.630

Link: CVE-2026-29597

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T21:17:55Z

Weaknesses