Lucene search

MitreCVE-2023-27084

HistoryMar 16, 2023 - 2:15 a.m.

CVE-2023-27084

2023-03-1602:15:08

CWE-732

mitre

web.nvd.nist.gov

cve-2023-27084

permissions vulnerability

isoftforce dreamer cms

sensitive information

local attackers

attachmentcontroller parameter

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.

Affected configurations

Nvd

Node

dreamer_cms_projectdreamer_cmsMatch4.0.1

VendorProductVersionCPE
dreamer_cms_projectdreamer_cms4.0.1cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dreamer_cms_project	dreamer_cms	4.0.1	cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.0.1:::::::*

References

gitee.com/isoftforce/dreamer_cms/issues/I6GCUN

github.com/iteachyou-wjn/dreamer_cms/issues/9

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

4.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-27084