CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4743 – Dreamer CMS file access
https://notcve.org/view.php?id=CVE-2023-4743
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. • https://github.com/FFR66/Dreamer-CMS_Unauthorized-access-vulnerability https://vuldb.com/?ctiid.238632 https://vuldb.com/?id.238632 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2473 – Dreamer CMS Password Hash Calculation UserController.java updatePwd algorithmic complexity
https://notcve.org/view.php?id=CVE-2023-2473
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. • https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7 https://vuldb.com/?ctiid.227860 https://vuldb.com/?id.227860 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27084
https://notcve.org/view.php?id=CVE-2023-27084
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. • https://gitee.com/isoftforce/dreamer_cms/issues/I6GCUN https://github.com/iteachyou-wjn/dreamer_cms/issues/9 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0513 – isoftforce Dreamer CMS cross site scripting
https://notcve.org/view.php?id=CVE-2023-0513
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/isoftforce/dreamer_cms/issues/I68UYM https://gitee.com/isoftforce/dreamer_cms/tree/Latest_Stable_Release_4.1.3 https://vuldb.com/?ctiid.219334 https://vuldb.com/?id.219334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-42245
https://notcve.org/view.php?id=CVE-2022-42245
Dreamer CMS 4.0.01 is vulnerable to SQL Injection. Dreamer CMS 4.0.01 es vulnerable a la inyección SQL. • https://gitee.com/isoftforce/dreamer_cms/issues/I5U408 https://packetstormsecurity.com/files/171585/Dreamer-CMS-4.0.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •