CVE-2013-4727

DDSN Interactive cm3 Acora CMS - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4727. PoCs published by Pedro Andujar.

AI-analyzed exploit summary The provided text describes an information disclosure vulnerability in cm3 Acora CMS, where sensitive information can be exposed via a specific admin page. The included HTML snippet appears to be a __VIEWSTATE value, which may be used to demonstrate the vulnerability but lacks executable exploit code.

Description

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Pedro Andujar · textwebappsphp

https://www.exploit-db.com/exploits/38740

View Code ZIP pw:eip

The provided text describes an information disclosure vulnerability in cm3 Acora CMS, where sensitive information can be exposed via a specific admin page. The included HTML snippet appears to be a __VIEWSTATE value, which may be used to demonstrate the vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: cm3 Acora CMS

No auth needed

Prerequisites: Access to the target URL

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/96666

Scores

EPSS 0.0271

EPSS Percentile 84.0%

Details

CWE

CWE-200

Status published

Products (4)

ddsn/cm3_acora_content_management_system 5.5.0\/1b-p1

ddsn/cm3_acora_content_management_system 5.5.7\/12b

ddsn/cm3_acora_content_management_system 6.0.2\/1a

ddsn/cm3_acora_content_management_system 6.0.6\/1a

Published Jun 06, 2014

Tracked Since Feb 18, 2026