Dreamer Cms@* Security Vulnerabilities and Issues — Dreamer Cms@* CVE List

Lucene search

IteachyouDreamer Cms*

9 matches found

CVE•added 2024/04/04 9:15 p.m.•63 views

CVE-2024-3311

A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit...

8.8CVSS6.5AI score0.00281EPSS

CVE•added 2025/04/27 5:15 p.m.•51 views

CVE-2025-3977

A vulnerability was found in iteachyou Dreamer CMS up to 4.1.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/attachment/download of the component Attachment Handler. The manipulation of the argument ID leads to improper authoriza...

5.3CVSS4.7AI score0.00041EPSS

Web

CVE•added 2024/03/31 5:15 a.m.•50 views

CVE-2024-3118

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the publ...

8.8CVSS6.4AI score0.00043EPSS

CVE•added 2023/09/03 11:15 p.m.•48 views

CVE-2023-4743

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an...

4.8CVSS4.5AI score0.00063EPSS

Web

CVE•added 2023/01/26 9:18 p.m.•46 views

CVE-2023-0513

A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading ...

5.4CVSS4.4AI score0.00294EPSS

CVE•added 2023/03/30 11:15 p.m.•42 views

CVE-2023-1746

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to th...

5.4CVSS4.4AI score0.0007EPSS

CVE•added 2023/05/02 1:15 p.m.•33 views

CVE-2023-2473

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be in...

7.5CVSS5.8AI score0.00047EPSS

CVE•added 2023/11/29 5:15 a.m.•24 views

CVE-2023-46887

In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.

7.5CVSS7.5AI score0.00169EPSS

CVE•added 2023/11/29 5:15 a.m.•22 views

CVE-2023-46886

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.

9.1CVSS9.1AI score0.00586EPSS