Dreamer Cms Security Vulnerabilities and Issues — Dreamer Cms CVE List

Lucene search

IteachyouDreamer Cms

31 matches found

CVE•added 2023/10/17 2:15 p.m.•89 views

CVE-2023-45907

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/10/17 2:15 p.m.•87 views

CVE-2023-45903

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/09/27 3:19 p.m.•81 views

CVE-2023-43856

Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.

7.5CVSS7.5AI score0.00158EPSS

CVE•added 2023/10/17 2:15 p.m.•75 views

CVE-2023-45906

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.

8.8CVSS8.8AI score0.00099EPSS

CVE•added 2023/10/17 2:15 p.m.•71 views

CVE-2023-45902

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.

8.8CVSS8.8AI score0.00099EPSS

CVE•added 2023/10/17 2:15 p.m.•70 views

CVE-2023-45904

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.

8.8CVSS8.8AI score0.00099EPSS

CVE•added 2023/03/16 2:15 a.m.•63 views

CVE-2023-27084

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.

5.3CVSS4.9AI score0.00023EPSS

CVE•added 2023/09/21 6:15 p.m.•58 views

CVE-2023-42279

Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form.

9.8CVSS9.8AI score0.00066EPSS

CVE•added 2023/11/13 4:15 p.m.•56 views

CVE-2023-48058

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/10/17 2:15 p.m.•53 views

CVE-2023-45901

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/category/add.

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/11/13 4:15 p.m.•51 views

CVE-2023-48060

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/09/03 11:15 p.m.•47 views

CVE-2023-4743

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an...

4.8CVSS4.5AI score0.00063EPSS

CVE•added 2023/01/26 9:18 p.m.•45 views

CVE-2023-0513

A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading ...

5.4CVSS4.4AI score0.00294EPSS

CVE•added 2023/04/18 3:15 p.m.•42 views

CVE-2023-29774

Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).

5.4CVSS5.3AI score0.00084EPSS

CVE•added 2023/11/18 2:15 a.m.•42 views

CVE-2023-48017

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management.

8.8CVSS8.8AI score0.00059EPSS

CVE•added 2023/03/30 11:15 p.m.•41 views

CVE-2023-1746

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to th...

5.4CVSS4.4AI score0.0007EPSS

CVE•added 2023/10/17 2:15 p.m.•40 views

CVE-2023-45905

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.

8.8CVSS8.8AI score0.00076EPSS

CVE•added 2023/11/14 3:15 p.m.•38 views

CVE-2023-48020

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.

8.8CVSS8.8AI score0.00163EPSS

CVE•added 2023/05/02 1:15 p.m.•32 views

CVE-2023-2473

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be in...

7.5CVSS5.8AI score0.00047EPSS

CVE•added 2023/12/08 3:15 p.m.•30 views

CVE-2023-49484

Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department.

5.4CVSS5.3AI score0.00101EPSS

CVE•added 2023/12/24 9:15 p.m.•30 views

CVE-2023-7091

A vulnerability was found in Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /upload/uploadFile. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to th...

8.8CVSS7.6AI score0.00269EPSS

CVE•added 2023/11/30 2:15 p.m.•29 views

CVE-2023-48914

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add.

8.8CVSS8.8AI score0.00167EPSS

CVE•added 2023/09/27 3:19 p.m.•28 views

CVE-2023-43857

Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex.

5.4CVSS5.3AI score0.00251EPSS

CVE•added 2023/12/14 7:15 p.m.•27 views

CVE-2023-50017

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup

8.8CVSS8.8AI score0.00237EPSS

CVE•added 2023/09/25 4:15 p.m.•26 views

CVE-2023-43382

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function.

8.8CVSS8.8AI score0.02724EPSS

CVE•added 2023/11/30 2:15 p.m.•26 views

CVE-2023-48913

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete.

8.8CVSS8.8AI score0.00167EPSS

CVE•added 2023/11/13 4:15 p.m.•24 views

CVE-2023-48063

An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.

4.3CVSS4.6AI score0.00051EPSS

CVE•added 2023/11/29 5:15 a.m.•23 views

CVE-2023-46887

In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.

7.5CVSS7.5AI score0.00169EPSS

CVE•added 2023/11/14 3:15 p.m.•23 views

CVE-2023-48021

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.

8.8CVSS8.8AI score0.00163EPSS

CVE•added 2023/11/29 5:15 a.m.•21 views

CVE-2023-46886

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.

9.1CVSS9.1AI score0.00586EPSS

CVE•added 2023/11/30 2:15 p.m.•20 views

CVE-2023-48912

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit.

8.8CVSS8.8AI score0.00167EPSS