CVE-2025-10320

Dreamer CMS (it-eachyou Dreamer CMS) versions through 4.1.3.2 are affected by a vulnerability in the handling of /admin/user/updatePwd that results in weak password requirements. The root cause is an improper processing path for updatePwd, permitting a password policy bypass. Exploitation can be ...

CVE-2025-3977

A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper...

Dreamer CMS 路径遍历漏洞

Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A path traversal vulnerability exists in Dreamer CMS version 4.1.3, which originates from a path traversal vulnerability contained in the /resource/js/ueditor-1.4.3.3 location...

CVE-2024-3118

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the...

CVE-2023-46886

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read...

CVE-2023-46887

In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability...

PT-2023-30253 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS versions prior to 4.0.1 Description: The issue allows for Directory Traversal, where background template management enables arbitrary modification of template files. This can lead to the reading of system-sensitive files...

Dreamer CMS Cross-Site Request Forgery Vulnerability

Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3. An attacker can exploit this vulnerability to conduct cross-site request forgery CSRF attacks via the component /admin/user/add...

CVE-2023-43857

Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting XSS vulnerability via the component /admin/u/toIndex...

Dreamer CMS Security Vulnerability

Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS 4.1.3 and earlier versions, which originates from an unknown function in /upload/ueditorConfig?action=config that results in an accessible file or...

CVE-2023-29774

Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting XSS...

PT-2023-14177 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.0.1 Description: The issue allows SQL injection via ArchivesMapper.xml. Recommendations: For Dreamer CMS version 4.0.1, consider restricting access to ArchivesMapper.xml to minimize the risk of exploitation. As a tempora...

编号撤回

Dreamer CMS is a Dreamer Content Management System by individual developer Junnan Wang of China. The CVE number has been withdrawn...

PT-2023-17211 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS versions up to 3.5.0 Description: A problematic issue was found in the File Upload Handler component, leading to cross site scripting. The manipulation can be launched remotely, affecting an unknown function. Recommendations: For...

PT-2023-20942 · Isoftforce · Isoftforce Dreamer Cms

Name of the Vulnerable Software and Affected Versions: isoftforce Dreamer CMS version 4.0.1 Description: A permissions issue allows local attackers to obtain sensitive information via the AttachmentController parameter. This issue can be exploited to gain access to restricted data. Recommendation...

PT-2022-26330 · Unknown · Dreamer Cms

Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.0.01 Description: The issue is related to SQL Injection. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited...

Dreamer CMS SQL注入漏洞

Dreamer CMS is a Dreamer Content Management System by Junnan Wang, an individual developer in China. A SQL injection vulnerability exists in Dreamer CMS version 4.0.01, which stems from the presence of SQL injection...

Dreamer CMS SQL注入漏洞

Dreamer CMS is a Dreamer Content Management System by Junnan Wang, a personal developer in China. version 4.0.0 of Dreamer CMS has a security vulnerability that originates from the tableName parameter. No detailed vulnerability details are available at this time...