7 matches found
CVE-2023-49444
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...
CVE-2023-49443
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...
Default credentials
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...
Privilege escalation
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...
CVE-2023-49443
DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...
CVE-2023-49444
An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar...
CVE-2022-25464
CVE-2022-25464 is a stored XSS vulnerability in DoraCMS v2.1.8 affecting the component /admin/contenttemp. The issue allows an attacker to inject arbitrary scripts/HTML via a crafted payload. Public details place CVSSv3.1 base score at 4.8 (MEDIUM) with network access, low attack complexity, user...