Dreamer Cms Security Vulnerabilities and Issues — Dreamer Cms CVE List

Lucene search

IteachyouDreamer Cms

20 matches found

CVE•added 2023/10/17 2:15 p.m.•89 views

CVE-2023-45907

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/10/17 2:15 p.m.•87 views

CVE-2023-45903

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/10/17 2:15 p.m.•75 views

CVE-2023-45906

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.

8.8CVSS8.8AI score0.00099EPSS

CVE•added 2023/10/17 2:15 p.m.•71 views

CVE-2023-45902

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.

8.8CVSS8.8AI score0.00099EPSS

CVE•added 2023/10/17 2:15 p.m.•70 views

CVE-2023-45904

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.

8.8CVSS8.8AI score0.00099EPSS

CVE•added 2024/04/04 9:15 p.m.•61 views

CVE-2024-3311

A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit...

8.8CVSS6.5AI score0.00207EPSS

CVE•added 2023/11/13 4:15 p.m.•56 views

CVE-2023-48058

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/10/17 2:15 p.m.•53 views

CVE-2023-45901

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/category/add.

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/11/13 4:15 p.m.•51 views

CVE-2023-48060

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2024/03/31 5:15 a.m.•49 views

CVE-2024-3118

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. This issue affects some unknown processing of the component Attachment Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the publ...

8.8CVSS6.4AI score0.00032EPSS

CVE•added 2023/11/18 2:15 a.m.•42 views

CVE-2023-48017

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.

8.8CVSS8.8AI score0.00059EPSS

CVE•added 2023/10/17 2:15 p.m.•40 views

CVE-2023-45905

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/11/14 3:15 p.m.•38 views

CVE-2023-48020

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.

8.8CVSS8.8AI score0.00163EPSS

CVE•added 2023/12/24 9:15 p.m.•30 views

CVE-2023-7091

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to th...

8.8CVSS7.6AI score0.00269EPSS

CVE•added 2023/11/30 2:15 p.m.•29 views

CVE-2023-48914

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.

8.8CVSS8.8AI score0.00167EPSS

CVE•added 2023/12/14 7:15 p.m.•27 views

CVE-2023-50017

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup

8.8CVSS8.8AI score0.00237EPSS

CVE•added 2023/09/25 4:15 p.m.•26 views

CVE-2023-43382

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.

8.8CVSS8.8AI score0.02724EPSS

CVE•added 2023/11/30 2:15 p.m.•26 views

CVE-2023-48913

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.

8.8CVSS8.8AI score0.00167EPSS

CVE•added 2023/11/14 3:15 p.m.•23 views

CVE-2023-48021

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.

8.8CVSS8.8AI score0.00163EPSS

CVE•added 2023/11/30 2:15 p.m.•20 views

CVE-2023-48912

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.

8.8CVSS8.8AI score0.00167EPSS