CVE-2025-51532

High CVSS: 7.5

Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.

Vendor

Sagedpw

Product

Sage Dpw

CWE

CWE-284

Yayın Tarihi

2025-08-06 16:15:30

Güncelleme

2025-10-01 20:38:28

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Sage Dpw HIGH Sagedpw 2025

Referanslar

https://www.sec4you-pentest.com/schwachstelle/sage-dpw-unauthentifizierter-zugriff-adminbereich-db-monitor/ https://www.sec4you-pentest.com/schwachstellen/

Benzer Kayıtlar

Medium

CVE-2025-67805

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Dat…

Low

CVE-2025-67806

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-67807

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-51533

An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access in…

Medium

CVE-2025-51531

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arb…

High

CVE-2024-56883

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are no…