22 results (0.004 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read. Dreamer CMS anterior a la versión 4.0.1 es vulnerable a Directory Traversal. La gestión de plantillas en segundo plano permite la modificación arbitraria del archivo de plantilla, lo que permite leer archivos confidenciales del sistema. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NOFN • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability. En Dreamer CMS anterior a 4.0.1, la oficina de administración de archivos adjuntos backend tiene una vulnerabilidad de descarga arbitraria de archivos. • https://gitee.com/iteachyou/dreamer_cms/issues/I6NDEZ • CWE-494: Download of Code Without Integrity Check •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. Dreamer_cms 4.1.3 es vulnerable a Cross Site Request Forgery (CSRF) a través de Agregar permisos a CSRF en Gestión de Permisos. • https://github.com/moonsabc123/dreamer_cms/blob/main/Add%20permissions%20to%20CSRF%20in%20Permission%20Management.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. Se descubrió un problema en dreamer_cms 4.1.3. Existe una vulnerabilidad CSRF que puede eliminar un proyecto de tema a través de /admin/category/delete. • https://github.com/CP1379767017/cms/blob/dreamcms_vul/There%20is%20a%20CSRF%20vulnerability%20at%20th%20menu%20management%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run Se descubrió que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a través del componente /admin/task/run • https://github.com/CP1379767017/cms/blob/main/CSRF%20exists%20at%20the%20task%20management%20execution%20task%20location.md • CWE-352: Cross-Site Request Forgery (CSRF) •