Lucene search

[email protected]CVE-2023-27084

HistoryMar 16, 2023 - 2:15 a.m.

CVE-2023-27084

2023-03-1602:15:08

CWE-732

[email protected]

web.nvd.nist.gov

cve-2023-27084

permissions vulnerability

isoftforce dreamer cms

sensitive information

local attackers

attachmentcontroller parameter

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.

Affected configurations

NVD

Node

dreamer_cms_projectdreamer_cmsMatch4.0.1

CPENameOperatorVersion
dreamer_cms_project:dreamer_cmsdreamer cms project dreamer cmseq4.0.1

CPE	Name	Operator	Version
dreamer_cms_project:dreamer_cms	dreamer cms project dreamer cms	eq	4.0.1

References

gitee.com/isoftforce/dreamer_cms/issues/I6GCUN

github.com/iteachyou-wjn/dreamer_cms/issues/9

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-27084

prion1 cvelist1 nvd1