CVE-2025-67805

Medium CVSS: 5.9

A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Cloud. It was forcibly disabled again in version 2025_06_003.

Vendor

Sagedpw

Product

Sage Dpw

CWE

CWE-306

Yayın Tarihi

2026-04-01 16:23:48

Güncelleme

2026-04-07 19:39:01

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-306 Sage Dpw MEDIUM Sagedpw 2026

Referanslar

https://pastebin.com/Tk4LgMG2 https://www.sagedpw.at/

Benzer Kayıtlar

Low

CVE-2025-67806

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-67807

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumer…

Medium

CVE-2025-51533

An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access in…

Medium

CVE-2025-51531

A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arb…

High

CVE-2025-51532

Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Databa…

High

CVE-2024-56883

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are no…