CVE-2025-51533

Medium CVSS: 5.3

An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.

Vendor

Sagedpw

Product

Sage Dpw

CWE

CWE-639

Yayın Tarihi

2025-08-07 19:15:28

Güncelleme

2025-10-01 20:36:15

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-639 Sage Dpw MEDIUM Sagedpw 2025

Referanslar

https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/ https://www.sec4you-pentest.com/schwachstellen https://www.sec4you-pentest.com/schwachstelle/sage-dpw-vorhersehbare-url-ids-ermoeglichen-unautorisierten-zugriff-auf-interne-formulare/

Benzer Kayıtlar

Medium

CVE-2025-67805

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Dat…

Low

CVE-2025-67806

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-67807

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-51531

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arb…

High

CVE-2025-51532

Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Databa…

High

CVE-2024-56883

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are no…